tls_method.diff
application/octet-stream
Filename: tls_method.diff
Type: application/octet-stream
Part: 0
Message:
Re: disabled SSL log_like tests
Patch
Format: unified
| File | + | − |
|---|---|---|
| src/backend/libpq/be-secure-openssl.c | 3 | 4 |
| src/interfaces/libpq/fe-secure-openssl.c | 1 | 1 |
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index 64ff3ce3d6a..d65704f6110 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -106,12 +106,11 @@ be_tls_init(bool isServerStart)
* settings. If we fail partway through, we can avoid memory leakage by
* freeing this context; we don't install it as active until the end.
*
- * We use SSLv23_method() because it can negotiate use of the highest
+ * We use TLS_method() because it can negotiate use of the highest
* mutually supported protocol version, while alternatives like
- * TLSv1_2_method() permit only one specific version. Note that we don't
- * actually allow SSL v2 or v3, only TLS protocols (see below).
+ * TLSv1_2_method() permit only one specific version.
*/
- context = SSL_CTX_new(SSLv23_method());
+ context = SSL_CTX_new(TLS_method());
if (!context)
{
ereport(isServerStart ? FATAL : LOG,
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index 78f9e84eb35..89669173412 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -767,7 +767,7 @@ initialize_SSL(PGconn *conn)
* complicated if connections used different certificates. So now we
* create a separate context for each connection, and accept the overhead.
*/
- SSL_context = SSL_CTX_new(SSLv23_method());
+ SSL_context = SSL_CTX_new(TLS_method());
if (!SSL_context)
{
char *err = SSLerrmessage(ERR_get_error());