| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Add GUC checks for ssl_min_protocol_version and ssl_max_protocol |
| Date: | 2020-01-18 03:33:52 |
| Message-ID: | E1iserw-00051R-VK@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Add GUC checks for ssl_min_protocol_version and ssl_max_protocol_version
Mixing incorrect bounds set in the SSL context leads to confusing error
messages generated by OpenSSL which are hard to act on. New checks are
added within the GUC machinery to improve the user experience as they
apply to any SSL implementation, not only OpenSSL, and doing the checks
beforehand avoids the creation of a SSL during a reload (or startup)
which we know will never be used anyway.
Backpatch down to 12, as those parameters have been introduced by
e73e67c.
Author: Michael Paquier
Reviewed-by: Daniel Gustafsson
Discussion: https://postgr.es/m/20200114035420.GE1515@paquier.xyz
Backpatch-through: 12
Branch
------
REL_12_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/ac2dcca5dfe62177fd871a8f4f71430a1c92382c
Modified Files
--------------
src/backend/utils/misc/guc.c | 51 ++++++++++++++++++++++++++++++++++++++++--
src/test/ssl/t/001_ssltests.pl | 20 ++++++++++++++++-
src/test/ssl/t/SSLServer.pm | 2 +-
3 files changed, 69 insertions(+), 4 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2020-01-18 22:51:36 | pgsql: Doc: rearrange the documentation of binary-string functions. |
| Previous Message | Tom Lane | 2020-01-17 23:41:02 | Re: pgsql: Add a non-strict version of jsonb_set |