| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | TLS checking in pgstat |
| Date: | 2020-06-28 11:39:38 |
| Message-ID: | B88BC38F-BBF1-4755-976E-F8418667656D@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
As I mentioned in [1], checking (struct Port)->ssl for NULL to determine
whether TLS is used for connection is a bit of a leaky abstraction, as that's
an OpenSSL specific struct member. This sets the requirement that all TLS
implementations use a pointer named SSL, and that the pointer is set to NULL in
case of a failed connection, which may or may not fit.
Is there a reason to not use (struct Port)->ssl_in_use flag which tracks just
what we're looking for here? This also maps against other parts of the
abstraction in be-secure.c which do just that. The attached implements this.
cheers ./daniel
[1] FAB21FC8-0F62-434F-AA78-6BD9336D630A(at)yesql(dot)se
| Attachment | Content-Type | Size |
|---|---|---|
| ssl_reporting.patch | application/octet-stream | 1.2 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dilip Kumar | 2020-06-28 12:22:38 | Re: [HACKERS] Custom compression methods |
| Previous Message | Daniel Gustafsson | 2020-06-28 11:10:48 | Commitfest 2020-07 |