| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>, Jacob Champion <pchampion(at)vmware(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SSL SNI |
| Date: | 2021-06-08 06:54:36 |
| Message-ID: | YL8ULDGZaTDw3Swa@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Jun 07, 2021 at 11:34:24AM -0400, Tom Lane wrote:
> Yeah, I'd include the empty-string test just because it's standard
> practice in this area of libpq. Whether those tests are actually
> triggerable in every case is obscure, but ...
Checking after a NULL string and an empty one is more libpq-ish.
> Patch looks sane by eyeball, though I didn't test it.
I did, and I could not break it.
+ SSLerrfree(err);
+ SSL_CTX_free(SSL_context);
+ return -1;
It seems to me that there is no need to free SSL_context if
SSL_set_tlsext_host_name() fails here, except if you'd like to move
the check for the SNI above SSL_CTX_free() around L1082. There is no
harm as SSL_CTX_free() is a no-op on NULL input.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Masahiko Sawada | 2021-06-08 07:32:14 | Re: Transactions involving multiple postgres foreign servers, take 2 |
| Previous Message | Peter Smith | 2021-06-08 06:19:38 | Re: [HACKERS] logical decoding of two-phase transactions |