Re: Setting min/max TLS protocol in clientside libpq

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Michael Paquier <michael@paquier.xyz>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, cary huang <hcary328@gmail.com>, pgsql-hackers@lists.postgresql.org
Date: 2020-01-24T11:19:31Z
Lists: pgsql-hackers

Attachments

> On 17 Jan 2020, at 03:38, Michael Paquier <michael@paquier.xyz> wrote:
> 
> On Fri, Jan 17, 2020 at 10:09:54AM +0900, Michael Paquier wrote:
>> Could you please rebase and fix the remaining pieces of the patch?
> 
> And while I remember, you may want to add checks for incorrect bounds
> when validating the values in fe-connect.c...  The same arguments as
> for the backend part apply because we'd want to make the
> implementation a maximum pluggable with all SSL libraries.

Agreed.

Attached is a v5 of the patch which hopefully address all the comments raised,
sorry for the delay.

cheers ./daniel

Commits

  1. Rename connection parameters to control min/max SSL protocol version in libpq

  2. Add connection parameters to control SSL protocol min/max in libpq

  3. Move OpenSSL routines for min/max protocol setting to src/common/