Re: Allow ssl_renegotiation_limit in PG 9.5

On 17 October 2015 at 14:39, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> Andres Freund <andres(at)anarazel(dot)de> writes:
> > Having to backpatch a new parameter to all supported versions seems far
> > more invasive than adding a guc that can only be set to one value.
>
> Indeed. It is completely stupid to do this in any other way except
> by reinstating ssl_renegotiation_limit as an ordinary GUC variable
> whose min and max are both zero.
>

Agreed, my suggestion requires we can set that GUC, but we can set
not-in-file also.

> Quite aside from the implementation effort of inventing some
> single-purpose kluge to do it another way, that solution would also
> cover the complaints we're doubtless gonna get that "SET
> ssl_renegotiation_limit = 0" doesn't work anymore.
>

Agreed, single purpose kluge is a bad thing.

Rough patch for the extensible, backpatchable, non-invasive proposal
attached.

--
Simon Riggs http://www.2ndQuadrant.com/
<http://www.2ndquadrant.com/>
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services