Re: [PATCH] Clarify that ssl_groups is for any key exchange groups

From: "Si, Evan" <evsi(at)amazon(dot)com>
To: Ewan Young <kdbase(dot)hack(at)gmail(dot)com>
Cc: "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: [PATCH] Clarify that ssl_groups is for any key exchange groups
Date: 2026-06-03 17:29:30
Message-ID: 273BE242-48AE-41EE-8CDD-7A981502B056@amazon.com
Lists: pgsql-hackers

On 6/2/26, 11:32 PM, "Ewan Young" <kdbase(dot)hack(at)gmail(dot)com> wrote:
>
> +1 for the idea. (I'm fairly new here, so please take my comments with
> a grain of salt.)

Thanks for the review!

> 1. The comment just above the renamed call in be_tls_init() still
> says "set up ephemeral DH and ECDH keys". Maybe it should be
> updated to match?

Right, that makes sense. I did a larger grep and updated comments where I found stale references to curves and (EC)DH.

> 2. The SSLECDHCurve variable (and its "GUC variable for default ECDH
> curve" comment in be-secure.c) still uses the old naming. I wasn't
> sure if that was left out intentionally to keep the patch small --
> if not, would it make sense to rename it too, for consistency with
> the initialize_groups() rename?

This also seems reasonable. I didn't find usage of this extern outside of Postgres itself in the wild from a brief search.

Attached a revision.

Evan

Attachment Content-Type Size
v2-0001-Clarify-that-ssl_groups-is-for-any-key-exchange-g.patch application/octet-stream 6.7 KB
