contrib/sslinfo cleanup and OpenSSL errorhandling

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: contrib/sslinfo cleanup and OpenSSL errorhandling
Date: 2020-10-29 22:48:57
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

While hacking on the NSS patch I realized that sslinfo was passing the ->ssl
Port member directly to OpenSSL in order to extract information regarding the
connection. This breaks the API provided by the backend, as well as duplicates
code for no real benefit. The attached 0001 patch rewrites sslinfo to use the
be_tls_* API where possible to reduce duplication and keep the codebase TLS
dependency (mostly) tucked away behind a nice API. 0001 also contains a small
sslinfo doc update to cover that TLSv1.3 is a supported protocol.

0002 ports OpenSSL errorhandling introduced in d94c36a45ab which was performed
for sslinfo but not the backend. I agree with the commit message that the risk
is small (but not non-existing), but if the checks were important enough for
sslinfo I'd argue they make sense for the backend too.

This patchset was pulled from the NSS patch, but it is entirely independent
from NSS.

cheers ./daniel

Attachment Content-Type Size
0002-Improve-error-handling-in-backend-OpenSSL-implementa.patch application/octet-stream 1.9 KB
0001-Use-be_tls_-API-for-SSL-information-in-sslinfo.patch application/octet-stream 6.6 KB


Browse pgsql-hackers by date

  From Date Subject
Next Message Andres Freund 2020-10-29 23:10:37 EXPLAIN vs track_io_timing=on vs tests
Previous Message Tomas Vondra 2020-10-29 22:06:52 Re: enable_incremental_sort changes query behavior