| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: TLS checking in pgstat |
| Date: | 2020-07-07 15:01:30 |
| Message-ID: | CABUevEzmYtDtbsZc2GSDLPJWu=ba35-nZjJBUhNb2ORovxaHHg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sun, Jun 28, 2020 at 1:39 PM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
> As I mentioned in [1], checking (struct Port)->ssl for NULL to determine
> whether TLS is used for connection is a bit of a leaky abstraction, as
> that's
> an OpenSSL specific struct member. This sets the requirement that all TLS
> implementations use a pointer named SSL, and that the pointer is set to
> NULL in
> case of a failed connection, which may or may not fit.
>
> Is there a reason to not use (struct Port)->ssl_in_use flag which tracks
> just
> what we're looking for here? This also maps against other parts of the
> abstraction in be-secure.c which do just that. The attached implements
> this.
>
Yeah, this seems perfectly reasonable.
I would argue this is a bug, but given how internal it is I don't think it
has any user visible effects yet (since we don't have more than one
provider), and thus isn't worthy of a backpatch.
Pushed.
--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2020-07-07 15:06:39 | Re: pg_resetwal --next-transaction-id may cause database failed to restart. |
| Previous Message | Robert Haas | 2020-07-07 14:22:47 | Re: Proposal: Automatic partition creation |