| From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
|---|---|
| To: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Michael Paquier <michael(at)paquier(dot)xyz>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Direct SSL connection with ALPN and HBA rules |
| Date: | 2024-05-15 18:24:00 |
| Message-ID: | CAOYmi+nuXOoA=PUq9-Sm8jM+5PbPwznEzRNWS3phX7YE8QwWOg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, May 15, 2024 at 6:33 AM Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
> Ok, yeah, I can see that now. Here's a new version to address that. I
> merged ENC_SSL_NEGOTIATED_SSL and ENC_SSL_DIRECT_SSL to a single method,
> ENC_SSL. The places that need to distinguish between them now check
> conn-sslnegotiation. That seems more clear now that there is no fallback.
That change and the new comment that were added seem a lot clearer to
me, too; +1. And I like that this potentially preps for
encryption=gss/ssl/none or similar.
This assertion seems a little strange to me:
> if (conn->sslnegotiation[0] == 'p')
> {
> ProtocolVersion pv;
>
> Assert(conn->sslnegotiation[0] == 'p');
But other than that nitpick, nothing else jumps out at me at the moment.
Thanks,
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2024-05-15 18:31:00 | Re: Support a wildcard in backtrace_functions |
| Previous Message | Jacob Champion | 2024-05-15 18:22:58 | Re: pgsql: Fix overread in JSON parsing errors for incomplete byte sequence |