| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | Postgres hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | check_ssl_key_file_permissions should be in be-secure-common.c |
| Date: | 2018-04-02 06:51:49 |
| Message-ID: | 20180402065149.GC1908@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Peter, Daniel,
The recent commit 8a3d9425 which has introduced SSL passphrase support
has also added be-secure-common.c, which works similarly to
fe-secure-common.c but for the backend.
I was just reading this code area, when I noticed that
check_ssl_key_file_permissions is called by be-secure-openssl.c but the
routine is defined in be-secure.c, causing some back-and-forth between
the two files.
It seems to me that this routine should be logically put into
be-secure-common.c so as future SSL implementations can use it. This
makes the code more consistent with the frontend refactoring that has
happened in f75a959. I would not have bothered about this refactoring
if be-secure-openssl.c did not exist yet, but as it does I think that we
should bite the bullet, and do that for v11 so as a good base is in
place for the future.
A patch is attached.
Thanks,
--
Michael
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-Make-be-secure-common.c-more-consistent-for-future-S.patch | text/x-diff | 7.1 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nikhil Sontakke | 2018-04-02 07:49:24 | Re: [HACKERS] logical decoding of two-phase transactions |
| Previous Message | Arthur Zakirov | 2018-04-02 06:45:06 | Re: json(b)_to_tsvector with numeric values |