Re: [PATCH] Log details for client certificate failures

Peter Eisentraut <peter.eisentraut@enterprisedb.com>

From: Peter Eisentraut <peter.eisentraut@enterprisedb.com>
To: Jacob Champion <jchampion@timescale.com>, Tom Lane <tgl@sss.pgh.pa.us>
Cc: Andres Freund <andres@anarazel.de>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2022-09-13T14:11:47Z
Lists: pgsql-hackers
On 09.09.22 00:32, Jacob Champion wrote:
> On Thu, Jul 28, 2022 at 9:19 AM Jacob Champion <jchampion@timescale.com> wrote:
>> On Thu, Jul 21, 2022 at 4:29 PM Jacob Champion <jchampion@timescale.com> wrote:
>>> v4 attempts to fix this by letting the check hooks pass
>>> MCXT_ALLOC_NO_OOM to pg_clean_ascii(). (It's ignored in the frontend,
>>> which just mallocs.)
>>
>> Ping -- should I add an open item somewhere so this isn't lost?
> 
> Trying again. Peter, is this approach acceptable? Should I try something else?

This looks fine to me.  Committed.



Commits

  1. Fix tiny memory leaks

  2. Don't reflect unescaped cert data to the logs

  3. pg_clean_ascii(): escape bytes rather than lose them

  4. Log details for client certificate failures