| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | Sergey Shinderuk <s(dot)shinderuk(at)postgrespro(dot)ru>, Jacob Champion <jchampion(at)timescale(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Fix error handling in be_tls_open_server() |
| Date: | 2023-09-19 00:54:54 |
| Message-ID: | ZQjxXuoKqt5ahkzv@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Sep 18, 2023 at 02:35:28PM +0200, Daniel Gustafsson wrote:
> Certificates can be regenerated with the buildsystem, which ideally would apply
> to this cert as well, but if that's not feasible we can perhaps accept a static
> one with build information detailed in the README. Having such a cert could
> for sure be interesting for testing.
WFM, but I'd prefer something that would be generated with the
makefile rules. These are so handy when it comes to regenerate all
these certs..
> Awaiting resolution on this, I propose we go ahead with the original patch from
> this thread. Any objections to that?
I was wondering for a few seconds if you talked about the one posted
on [1], which would break the case where X509_NAME_get_text_by_NID()
fails if there's a valid bio, but you mean the one at the top of the
thread in [2], of course :)
One doubt that I have is if we shouldn't let X509_NAME_print_ex() be
as it is now, and not force a failure on the bio if this calls fails.
[1]: https://www.postgresql.org/message-id/E3921399-FAE7-4B1F-B1BF-B3357DDC9F19@yesql.se
[2]: https://www.postgresql.org/message-id/8db5374d-32e0-6abb-d402-40762511eff2@postgrespro.ru
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2023-09-19 00:57:44 | Re: XLog size reductions: smaller XLRec block header for PG17 |
| Previous Message | 쿼리트릭스 | 2023-09-19 00:19:34 | Re: [ psql - review request ] review request for \d+ tablename, \d+ indexname indenting |