From: | Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | pgsql-committers(at)lists(dot)postgresql(dot)org |
Subject: | Re: pgsql: Provide a TLS init hook |
Date: | 2020-03-26 01:11:09 |
Message-ID: | a2a8b035-f9bd-eeb4-46ca-72e857040b54@2ndQuadrant.com |
Lists: | pgsql-committers pgsql-hackers |
On 3/25/20 7:44 PM, Tom Lane wrote:
> I wrote:
>> Concretely, I see that contrib/sslinfo has
>> SHLIB_LINK += $(filter -lssl -lcrypto -lssleay32 -leay32, $(LIBS))
> I verified that that fixes things on macOS and pushed it, along with
> a couple other minor fixes.

Thanks.

>
> However, I'm quite desperately unhappy that the new test module
> does this:
>
> $node->append_conf('postgresql.conf', "listen_addresses = 'localhost'");
>
> That's opening a security hole. Note that we do *not* run src/test/ssl
> by default, and it has a README warning people not to run it on multiuser
> systems. It seems 100% unacceptable for this test to fire up a similarly
> insecure server without so much as a by-your-leave.
>
> I don't actually see why we need the localhost port at all --- it doesn't
> look like this test ever attempts to connect to the server. So couldn't
> we just drop that?
>

Seems reasonable. I just tested that and it seems quite happy, so I'll
make the change.

cheers

andrew
--
Andrew Dunstan https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
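An added example, not part of the original message or the PostgreSQL tree: a small check of whether a test node's postgresql.conf leaves a TCP listener open, which is the exposure discussed in the thread above. The helper names and the sample baseline are assumptions constructed for illustration; the check relies on postgresql.conf's last-assignment-wins rule and on the built-in default `listen_addresses = 'localhost'`.

```python
import re

# One postgresql.conf setting: name, optional '=', then a quoted or bare value.
# Lines starting with '#' do not match, so commented-out settings are ignored.
_SETTING = re.compile(
    r"^\s*([A-Za-z_][\w.]*)\s*=?\s*(?:'((?:[^']|'')*)'|([^\s#]*))"
)


def effective_setting(conf_text, name, default):
    """Return the value the server would use: the last assignment wins."""
    value = default
    for line in conf_text.splitlines():
        m = _SETTING.match(line)
        if m and m.group(1).lower() == name:
            if m.group(2) is not None:
                value = m.group(2).replace("''", "'")  # quoted value
            else:
                value = m.group(3)  # bare value
    return value


def tcp_listeners(conf_text):
    """Addresses the server would open TCP sockets on; [] means socket-only."""
    # An unset listen_addresses falls back to PostgreSQL's default, 'localhost'.
    raw = effective_setting(conf_text, "listen_addresses", "localhost")
    return [addr.strip() for addr in raw.split(",") if addr.strip()]


# Constructed sample: a socket-only baseline such as a test harness might write.
BASELINE = """\
# constructed baseline for illustration
listen_addresses = ''
unix_socket_directories = '/tmp/constructed-test-dir'
"""

# The setting the quoted test appended to postgresql.conf.
APPENDED = "listen_addresses = 'localhost'\n"

if __name__ == "__main__":
    for label, conf in (("baseline", BASELINE),
                        ("baseline + appended line", BASELINE + APPENDED)):
        listeners = tcp_listeners(conf)
        print(f"{label}: {'TCP on ' + ', '.join(listeners) if listeners else 'no TCP listener'}")
```

An empty result is the state to require of a test node on a shared machine; any non-empty result means other local users can reach the server over TCP.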