| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Improve errors when setting incorrect bounds for SSL protocols |
| Date: | 2020-02-07 00:33:35 |
| Message-ID: | 20200207003335.GO23913@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Feb 06, 2020 at 11:30:40PM +0100, Daniel Gustafsson wrote:
> Or change to the v1 patch in this thread, which avoids the problem by doing it
> in the OpenSSL code. It's a shame to have generic TLS functionality be OpenSSL
> specific when everything else TLS has been abstracted, but not working is
> clearly a worse option.
The v1 would work just fine considering that, as the code would be
invoked in a context where all GUCs are already loaded. That's too
late before the release though, so I have reverted 41aadee, and
attached is a new patch to consider with improvements compared to v1
mainly in the error messages.
--
Michael
| Attachment | Content-Type | Size |
|---|---|---|
| ssl-proto-context-v3.patch | text/x-diff | 5.4 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2020-02-07 00:37:55 | Re: Getting rid of some more lseek() calls |
| Previous Message | Thomas Munro | 2020-02-07 00:01:09 | Re: typedef SegmentNumber |