Re: Improve errors when setting incorrect bounds for SSL protocols
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2020-02-07T00:33:35Z
Lists: pgsql-hackers
Attachments
- ssl-proto-context-v3.patch (text/x-diff) patch v3
On Thu, Feb 06, 2020 at 11:30:40PM +0100, Daniel Gustafsson wrote: > Or change to the v1 patch in this thread, which avoids the problem by doing it > in the OpenSSL code. It's a shame to have generic TLS functionality be OpenSSL > specific when everything else TLS has been abstracted, but not working is > clearly a worse option. The v1 would work just fine considering that, as the code would be invoked in a context where all GUCs are already loaded. That's too late before the release though, so I have reverted 41aadee, and attached is a new patch to consider with improvements compared to v1 mainly in the error messages. -- Michael
Commits
-
Fix check for conflicting SSL min/max protocol settings
- e30b0b5cfaeb 13.0 landed
-
Add bound checks for ssl_min_protocol_version and ssl_max_protocol_version
- 79dfa8afb296 13.0 landed
-
Revert "Add GUC checks for ssl_min_protocol_version and ssl_max_protocol_version"
- 2f4733993a96 12.2 landed
- 414c2fd1e1c0 13.0 landed
-
Add GUC checks for ssl_min_protocol_version and ssl_max_protocol_version
- ac2dcca5dfe6 12.2 landed
- 41aadeeb124e 13.0 landed