Re: Inconsistent error handling in the openssl init code

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Michael Paquier <michael(at)paquier(dot)xyz>
Cc: Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
Subject: Re: Inconsistent error handling in the openssl init code
Date: 2019-02-07 09:03:30
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

> On 7 Feb 2019, at 05:12, Michael Paquier <michael(at)paquier(dot)xyz> wrote:
> On Wed, Feb 06, 2019 at 11:18:22PM +0100, Daniel Gustafsson wrote:
>> The errorhandling in be_tls_init(), and functions called from it, set the
>> appropriate elevel by the isServerStart. ssl_protocol_version_to_openssl() is
>> however erroring out unconditionally with ERROR on invalid TLS versions. The
>> attached patch adds isServerStart handling to the TLS version handling as well,
>> to make be_tls_init() consistent in its errorhandling.
> (Adding Peter Eisentraut in CC)
> Good catch, this is an oversight from commit e73e67c7, which affects
> only HEAD. The comment at the top of ssl_protocol_version_to_openssl
> becomes incorrect as the function would not throw an error in a reload
> context.

Doh, managed to completely overlook that. The attached updated patch also
fixes the comment, thanks!

cheers ./daniel

Attachment Content-Type Size
openssl_tlsver-v2.patch application/octet-stream 3.3 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Pavel Stehule 2019-02-07 09:08:35 Re: ToDo: show size of partitioned table
Previous Message Dave Page 2019-02-07 09:03:06 Re: phase out ossp-uuid?