| From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | Postgres hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Handling better supported channel binding types for SSL implementations |
| Date: | 2018-01-22 13:05:36 |
| Message-ID: | 20180122130536.GC1772@paquier.xyz |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Jan 22, 2018 at 11:07:55AM +0100, Daniel Gustafsson wrote:
> An extensible API makes more sense than on/off (or one on/off call per
> binding). Perhaps a way to validate the contents of the list is
> required though? Or an assertion on the contents to catch errors
> during testing.
Do you have something specific in mind?
> Nitpicking: In src/backend/libpq/auth.c:CheckSCRAMAuth(), this comment
> reads a bit strange:
>
> + * Get the list of channel binding types supported by this SSL
> + * implementation to determine if server should publish -PLUS
> + * mechanisms or not.
>
> Since auth.c isn’t tied to any SSL implementation, shouldn’t it be
> “supported by the configured SSL implementation” or something along
> those lines?
Yes, your words sound better.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2018-01-22 13:46:07 | Re: [HACKERS] parallel.c oblivion of worker-startup failures |
| Previous Message | Robert Haas | 2018-01-22 12:40:30 | Re: [HACKERS] UPDATE of partition key |