| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Remove duplicate setting of SSL_OP_SINGLE_DH_USE option. |
| Date: | 2017-08-02 15:28:55 |
| Message-ID: | E1dcvZv-0000Ko-AY@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Remove duplicate setting of SSL_OP_SINGLE_DH_USE option.
Commit c0a15e07c moved the setting of OpenSSL's SSL_OP_SINGLE_DH_USE option
into a new subroutine initialize_dh(), but forgot to remove it from where
it was. SSL_CTX_set_options() is a trivial function, amounting indeed to
just "ctx->options |= op", hence there's no reason to contort the code or
break separation of concerns to avoid calling it twice. So separating the
DH setup from disabling of old protocol versions is a good change, but we
need to finish the job.
Noted while poking into the question of SSL session tickets.
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/f352f91cbf2f662c4f043d3650010b02da0cde1c
Modified Files
--------------
src/backend/libpq/be-secure-openssl.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2017-08-02 15:36:21 | pgsql: Get a snapshot before COPY in table sync |
| Previous Message | Peter Eisentraut | 2017-08-02 14:49:16 | pgsql: Fix OBJECT_TYPE/OBJECT_DOMAIN confusion |