| From: | Shay Rojansky <roji(at)roji(dot)org> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: PostgreSQL not setting OpenSSL session id context? |
| Date: | 2017-08-04 04:22:42 |
| Message-ID: | CADT4RqBFWahVhyFea74T2tRbkfMe=KqU4QdJ7XE0c-aHoAesMw@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
I tested the patch.
Doing SSL_CTX_set_session_cache_mode(context, SSL_SESS_CACHE_OFF) doesn't
have any effect whatsoever - I still have the same issue (session id
context uninitialized). I suspect session caching is an entirely different
feature from session tickets/RFC5077 (although it might still be a good
idea to disable).
Doing SSL_CTX_set_options(context, SSL_OP_NO_TICKET) indeed resolves the
issue, as expected. As I wrote above, I'd remove the #ifdef and execute it
always.
I'm still not convinced of the risk/problem of simply setting the session
id context as I explained above (rather than disabling the optimization),
but of course either solution resolves my problem.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2017-08-04 04:27:05 | Re: PostgreSQL not setting OpenSSL session id context? |
| Previous Message | AP | 2017-08-04 03:49:54 | Re: pgsql 10: hash indexes testing |