| From: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
|---|---|
| To: | Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> |
| Cc: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Robert Haas <robertmhaas(at)gmail(dot)com>, Michael Paquier <michael(at)paquier(dot)xyz>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Direct SSL connection with ALPN and HBA rules |
| Date: | 2024-05-13 14:54:30 |
| Message-ID: | 0b42d924-1740-41c4-a628-3e2211e6bbc4@iki.fi |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 13/05/2024 16:55, Jelte Fennema-Nio wrote:
> On Mon, 13 May 2024 at 15:38, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
>> Here's a patch to implement that.
>
> + if (conn->sslnegotiation[0] == 'd' &&
> + conn->sslmode[0] != 'r' && conn->sslmode[0] != 'v')
>
> I think these checks should use strcmp instead of checking magic first
> characters. I see this same clever trick is used in the recently added
> init_allowed_encryption_methods, and I think that should be changed to
> use strcmp too for readability.
Oh yeah, I hate that too. These should be refactored into enums, with a
clear separate stage of parsing the options from strings. But we use
that pattern all over the place, so I didn't want to start reforming it
with this patch.
--
Heikki Linnakangas
Neon (https://neon.tech)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2024-05-13 15:14:42 | Re: cataloguing NOT NULL constraints |
| Previous Message | Matthias van de Meent | 2024-05-13 14:52:49 | Re: WAL_LOG CREATE DATABASE strategy broken for non-standard page layouts |