Re: tls 1.3: sending multiple tickets

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Marina Polyakova <m.polyakova@postgrespro.ru>, Heikki Linnakangas <hlinnaka@iki.fi>, Andres Freund <andres@anarazel.de>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2024-07-29T09:56:55Z
Lists: pgsql-hackers

Attachments

> On 26 Jul 2024, at 20:29, Robert Haas <robertmhaas@gmail.com> wrote:

> One of my chronic complaints about comments is
> that they should say why we're doing things, not what we're doing.

Agreed.

> I feel like any
> place where we are doing X because of some property of a non-PG code
> base with which a particular reader might not be familiar, we should
> have a comment explaining why we're doing it. And especially if it's
> security-relevant.

I'm sure there are more interactions with OpenSSL, and TLS in general, which
warrants better comments but the attached takes a stab at the two examples in
question here to get started (to avoid perfect get in the way of progress). 

--
Daniel Gustafsson

Commits

  1. Fix building with MSVC for TLS session disabling

  2. Fix macro placement in pg_config.h.in

  3. Disable all TLS session tickets