Re: Making openssl_tls_init_hook OpenSSL specific

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Daniel Gustafsson <daniel(at)yesql(dot)se>
Cc: PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>
Subject: Re: Making openssl_tls_init_hook OpenSSL specific
Date: 2020-04-17 01:57:09
Message-ID: 20200417015709.GI81957@paquier.xyz
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Thu, Apr 16, 2020 at 02:17:33PM +0200, Daniel Gustafsson wrote:
> Commit 896fcdb230e72 (sorry for chiming in too late, I missed that thread)
> added a TLS init hook which is OpenSSL specific: openssl_tls_init_hook. Since
> the rest of the TLS support in the backend is library agnostic, we should IMO
> make this hook follow that pattern, else this will make a non-OpenSSL backend
> not compile.

Better sooner than later, thanks for the report.

> If we make the hook generic, extension authors must have a way to tell which
> backend invoked it, so maybe the best option is to simply wrap this hook in
> USE_OPENSSL ifdefs and keep the name/signature? Looking at the Secure
> Transport patch I wrote, there is really no equivalent callsite; the same goes
> for a libnss patch which I haven't yet submitted.
>
> The attached adds USE_OPENSSL guards.

I agree that this looks like an oversight of the original commit
introducing the hook as it gets called in the OpenSSL code path of
be_tls_init(), so I think that your patch is right (though I would
have just used #ifdef USE_OPENSSL here). And if the future proves
that this hook has more uses for other SSL implementations, we could
always rework it at this point, if necessary. Andrew, would you
prefer fixing that yourself?
--
Michael

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Thomas Munro 2020-04-17 02:12:44 Re: fixing old_snapshot_threshold's time->xid mapping
Previous Message Patrick REED 2020-04-17 01:57:02 Re: Lexer issues