Re: Improve errors when setting incorrect bounds for SSL protocols
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Postgres hackers <pgsql-hackers@lists.postgresql.org>
Cc: Michael Paquier <michael@paquier.xyz>
Date: 2020-04-29T11:57:49Z
Lists: pgsql-hackers
Attachments
- minmaxproto_guc.patch (application/octet-stream) patch
Working in the TLS corners of the backend, I found while re-reviewing and re-testing for the release that this patch actually was a small, but vital, brick shy of a load. The error handling is always invoked due to a set of missing braces. Going into the check will cause the context to be freed and be_tls_open_server error out. The tests added narrowly escapes it by not setting the max version in the final test, but I'm not sure it's worth changing that now as not setting a value is an interesting testcase too. Sorry for missing that at the time of reviewing. cheers ./daniel
Commits
-
Fix check for conflicting SSL min/max protocol settings
- e30b0b5cfaeb 13.0 landed
-
Add bound checks for ssl_min_protocol_version and ssl_max_protocol_version
- 79dfa8afb296 13.0 landed
-
Revert "Add GUC checks for ssl_min_protocol_version and ssl_max_protocol_version"
- 2f4733993a96 12.2 landed
- 414c2fd1e1c0 13.0 landed
-
Add GUC checks for ssl_min_protocol_version and ssl_max_protocol_version
- ac2dcca5dfe6 12.2 landed
- 41aadeeb124e 13.0 landed