Re: Add support to TLS 1.3 cipher suites and curves lists

Peter Eisentraut <peter@eisentraut.org>

From: Peter Eisentraut <peter@eisentraut.org>
To: Daniel Gustafsson <daniel@yesql.se>, Jacob Champion <jacob.champion@enterprisedb.com>
Cc: Erica Zhang <ericazhangy2021@qq.com>, Andres Freund <andres@anarazel.de>, Jelte Fennema-Nio <postgres@jeltef.nl>, pgsql-hackers <pgsql-hackers@lists.postgresql.org>
Date: 2024-10-14T13:08:32Z
Lists: pgsql-hackers
On 26.09.24 11:01, Daniel Gustafsson wrote:
> Attached is a v7 which address a test failure in the CI.  It turns out that the
> test_misc module gather GUC names using the :alpha: character class which only
> allows alphabetic whereas GUC names can have digits in them.  The 0001 patch
> fixes this by instead using the :alnum: character class which allows all
> alphanumeric characters.  This is not directly related to this patch, it just
> happened to be exposed by it.

If we are raising the minimum version to OpenSSL 1.1.1, couldn't we then 
remove the version check introduced by commit c3333dbc0c0 ("Only perform 
pg_strong_random init when required")?

FWIW, these patches generally look okay to me.  I haven't done much 
in-depth checking, but overall everything looks sensible.  I think Jacob 
already provided more in-depth reviews, but let me know if you need 
anything else on this.




Commits

  1. Handle alphanumeric characters in matching GUC names

  2. Only perform pg_strong_random init when required