From: | Andres Freund <andres(at)anarazel(dot)de> |
---|---|
To: | Heikki Linnakangas <heikki(dot)linnakangas(at)iki(dot)fi> |
Cc: | pgsql-committers(at)lists(dot)postgresql(dot)org |
Subject: | Re: pgsql: Send ALPN in TLS handshake, require it in direct SSL connections |
Date: | 2024-04-08 01:50:55 |
Message-ID: | 20240408015055.xsuahullywpfwyvu@awork3.anarazel.de |
Lists: | pgsql-committers |

Hi,

On 2024-04-08 01:25:40 +0000, Heikki Linnakangas wrote:
> Send ALPN in TLS handshake, require it in direct SSL connections
>
> libpq now always tries to send ALPN. With the traditional negotiated
> SSL connections, the server accepts the ALPN, and refuses the
> connection if it's not what we expect, but connecting without ALPN is
> still OK. With the new direct SSL connections, ALPN is mandatory.
>
> NOTE: This uses "TBD-pgsql" as the protocol ID. We must register a
> proper one with IANA before the release!
>
> Author: Greg Stark, Heikki Linnakangas
> Reviewed-by: Matthias van de Meent, Jacob Champion

My compiler complains:

```
[396/992 42 39%] Compiling C object src/backend/postgres_lib.a.p/libpq_be-secure-openssl.c.o
../../../../../home/andres/src/postgresql/src/backend/libpq/be-secure-openssl.c: In function 'alpn_cb':
../../../../../home/andres/src/postgresql/src/backend/libpq/be-secure-openssl.c:1327:69: warning: ordered comparison of pointer with integer zero [-Wextra]
1327 |         if (*out == NULL || *outlen > sizeof(alpn_protos) || outlen <= 0)
     |                                                                     ^~
[991/992 1 99%] Linking target src/bin/pg_dump/pg_dump
```

And I think it may show why the warning is a good idea - I assume
"*outlen <= 0" was intended?

Greetings,
Andres Freund
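
The effect of the comparison the warning points at, as an added example that is not PostgreSQL's code and not part of the original message. `select_proto` is a hypothetical stand-in for the library's selection call, assumed here to report an empty selection (length 0 through a non-NULL pointer) when nothing matches; `check_as_written`, `check_intended` and `alpn_accept` are names invented for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed server list in ALPN wire format (length byte, then name);
 * "TBD-pgsql" is the placeholder ID from the commit message. */
static const unsigned char alpn_protos[] = {9,'T','B','D','-','p','g','s','q','l'};

/* Hypothetical stand-in for the library's selection call (an assumption, not
 * OpenSSL's behaviour): picks the first client entry the server also offers.
 * With no overlap it reports an empty selection through a non-NULL pointer. */
static int select_proto(const unsigned char **out, unsigned char *outlen,
                        const unsigned char *cl, size_t clen)
{
    const unsigned char *sv = alpn_protos;
    for (size_t i = 0; i < clen && cl[i] && i + 1 + cl[i] <= clen; i += 1 + cl[i])
        for (size_t j = 0; j < sizeof(alpn_protos) && sv[j]; j += 1 + sv[j])
            if (cl[i] == sv[j] && memcmp(cl + i + 1, sv + j + 1, cl[i]) == 0) {
                *out = sv + j + 1;
                *outlen = sv[j];
                return 1;
            }
    *out = cl;
    *outlen = 0;
    return 0;
}

/* Check with the pointer itself compared against zero, as the warning
 * describes. Spelled through uintptr_t so it compiles without the diagnostic;
 * for a valid pointer the last term is always false. */
static int check_as_written(const unsigned char *out, const unsigned char *outlen)
{
    return !(out == NULL || *outlen > sizeof(alpn_protos) || (uintptr_t) outlen == 0);
}

/* Check with the dereference the reply assumes was intended. */
static int check_intended(const unsigned char *out, const unsigned char *outlen)
{
    return !(out == NULL || *outlen > sizeof(alpn_protos) || *outlen <= 0);
}

/* Returns 1 when the callback's validation would accept the client's offer. */
int alpn_accept(const unsigned char *cl, size_t clen, int intended)
{
    const unsigned char *out = NULL;
    unsigned char outlen = 0;
    select_proto(&out, &outlen, cl, clen);
    return intended ? check_intended(out, &outlen) : check_as_written(out, &outlen);
}
```

Under the stand-in's assumption, an offer that shares no protocol with the server passes the pointer-compared check and is rejected only by the dereferenced one.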