Re: [PoC] Let libpq reject unexpected authentication requests

On 11/11/22 05:52, Aleksander Alekseev wrote:
> I noticed that this patchset stuck a bit so I decided to take a look.

Thanks!

> Assigning a negative number to uint32 doesn't necessarily work on all
> platforms. I suggest using PG_UINT32_MAX.

Hmm -- on which platforms is "-1 converted to unsigned" not equivalent
to the maximum value? Are they C-compliant?

> The commit message IMO has a better description of "require". I
> suggest adding the part about "This doesn't add any additional
> security ..." to the documentation.

Sounds good; see what you think of v12.

> ```
> + * hard-coded certificate via sslcert, so we don't actually set any
> certificates
> + * here; we just it to record whether or not the server has actually asked for
> ```
>
> Something is off with the wording here in the "we just it to ..." part.

Fixed.

> The patchset seems to be in very good shape except for these few
> nitpicks. I'm inclined to change its status to "Ready for Committer"
> as soon as the new version will pass cfbot unless there are going to
> be any objections from the community.

Thank you! I expect a maintainer will need to weigh in on the
cost/benefit of 0003 either way.

--Jacob