Re: Disallow SSL compression?

> On 3 Mar 2021, at 15:14, Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> wrote:
>
> On 03.03.21 11:31, Daniel Gustafsson wrote:
>>> On 26 Feb 2021, at 20:34, Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
>>> Attached is a v2 which retains the sslcompression parameter for backwards
>>> compatibility.
>> And now a v3 which fixes an oversight in postgres_fdw as well as adds an SSL
>> TAP test to cover deprecated parameters.
>
> Per your other thread, you should also remove the environment variable.

Fixed.

> In postgres_fdw, I think commenting it out is not the right change. The other commented out values are still valid settings but are omitted from the test for other reasons. It's not entirely all clear, but we don't have to keep obsolete stuff in there forever.

Ah, I didn't get that distinction but that makes sense. Fixed.

The attached version takes a step further and removes sslcompression from
pg_conn and just eats the value as there is no use in setting a dummy alue. It
also removes compression from PgBackendSSLStatus and be_tls_get_compression as
raised by Michael downthread. I opted for keeping the column in pg_stat_ssl
with a note in the documentation that it will be removed, for the same
backwards compatibility reason of eating the connection param without acting on
it. This might be overthinking it however.

--
Daniel Gustafsson https://vmware.com/