From: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
---|---|
To: | Michael Paquier <michael(at)paquier(dot)xyz> |
Cc: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Direct SSL connection with ALPN and HBA rules |
Date: | 2024-04-29 09:43:18 |
Message-ID: | a976fd87-c808-4ca2-a05a-9ac08da6c55b@iki.fi |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 23/04/2024 10:07, Michael Paquier wrote:
> In the documentation of PQsslAttribute(), it is mentioned that empty
> string is returned for "alpn" if ALPN was not used, however the code
> returns NULL in this case:
> SSL_get0_alpn_selected(conn->ssl, &data, &len);
> if (data == NULL || len == 0 || len > sizeof(alpn_str) - 1)
> return NULL;
Good catch. I changed the code to return an empty string, as the
documentation says.
I considered if NULL or empty string would be better here. The docs for
PQsslAttribute also says:
"Returns NULL if the connection does not use SSL or the specified
attribute name is not defined for the library in use."
If a caller wants to distinguish between "libpq or the SSL library
doesn't support ALPN at all" from "the server didn't support ALPN", you
can tell from whether PQsslAttribute returns NULL or an empty string. So
I think an empty string is better.
--
Heikki Linnakangas
Neon (https://neon.tech)
From | Date | Subject | |
---|---|---|---|
Next Message | Amit Kapila | 2024-04-29 09:56:48 | Re: speed up a logical replica setup |
Previous Message | Michael Paquier | 2024-04-29 09:19:48 | Re: A failure in prepared_xacts test |