| From: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Jacob Champion <pchampion(at)vmware(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SSL SNI |
| Date: | 2021-06-08 14:12:44 |
| Message-ID: | 559ffbc8-05ed-c44c-728a-d2a71d1232a7@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 08.06.21 08:54, Michael Paquier wrote:
> On Mon, Jun 07, 2021 at 11:34:24AM -0400, Tom Lane wrote:
>> Yeah, I'd include the empty-string test just because it's standard
>> practice in this area of libpq. Whether those tests are actually
>> triggerable in every case is obscure, but ...
>
> Checking after a NULL string and an empty one is more libpq-ish.
>
>> Patch looks sane by eyeball, though I didn't test it.
>
> I did, and I could not break it.
>
> + SSLerrfree(err);
> + SSL_CTX_free(SSL_context);
> + return -1;
> It seems to me that there is no need to free SSL_context if
> SSL_set_tlsext_host_name() fails here, except if you'd like to move
> the check for the SNI above SSL_CTX_free() around L1082. There is no
> harm as SSL_CTX_free() is a no-op on NULL input.
Good point. Committed that way.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Fujii Masao | 2021-06-08 14:30:00 | Re: Misplaced superuser check in pg_log_backend_memory_contexts() |
| Previous Message | David Rowley | 2021-06-08 13:40:06 | Re: automatically generating node support functions |