| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
| Cc: | Postgres hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Handling better supported channel binding types for SSL implementations |
| Date: | 2018-01-22 15:52:11 |
| Message-ID: | 3136558B-9FCB-41BA-8B56-5B9B5A2A8F07@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 22 Jan 2018, at 14:05, Michael Paquier <michael(dot)paquier(at)gmail(dot)com> wrote:
>
> On Mon, Jan 22, 2018 at 11:07:55AM +0100, Daniel Gustafsson wrote:
>> An extensible API makes more sense than on/off (or one on/off call per
>> binding). Perhaps a way to validate the contents of the list is
>> required though? Or an assertion on the contents to catch errors
>> during testing.
>
> Do you have something specific in mind?
Not really, but IIUC a bug in this code could lead to channel binding not being
used for a connection even if the user wanted it (and may miss that ixt didn’t
happen due to not looking at logs etc)? Considering the limited set of values
(currently) it should be quite simple to check for offending entries, if there
is indeed a risk of “silently” not using channel binding.
cheers ./daniel
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Konstantin Knizhnik | 2018-01-22 16:05:25 | Re: Built-in connection pooling |
| Previous Message | Petr Jelinek | 2018-01-22 15:40:14 | Re: Logical Decoding and HeapTupleSatisfiesVacuum assumptions |