Re: PostgreSQL12 and older versions of OpenSSL

Поиск
Список
Период
Сортировка
От Michael Paquier
Тема Re: PostgreSQL12 and older versions of OpenSSL
Дата
Msg-id 20190927142058.GA6117@paquier.xyz
обсуждение исходный текст
Ответ на Re: PostgreSQL12 and older versions of OpenSSL  (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>)
Ответы Re: PostgreSQL12 and older versions of OpenSSL  (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>)
Список pgsql-hackers
Дерево обсуждения 
On Fri, Sep 27, 2019 at 03:50:57PM +0200, Peter Eisentraut wrote:
> On 2019-09-27 03:51, Michael Paquier wrote:
>> Your patch does not issue a ereport(LOG/FATAL) in the event of a
>> failure with SSL_CTX_set_max_proto_version(), which is something done
>> when ssl_protocol_version_to_openssl()'s result is -1.  Wouldn't it be
>> better to report that properly to the user?
>
> Our SSL_CTX_set_max_proto_version() is a reimplementation of a function
> that exists in newer versions of OpenSSL, so it has a specific error
> behavior.  Our implementation should probably not diverge from it too much.

I agree with this point.  Now my argument is about logging LOG or
FATAL within be_tls_init() after the two OpenSSL functions (or our
wrappers) SSL_CTX_set_min/max_proto_version are called.
--
Michael
Вложения

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Peter Eisentraut
Дата:
Сообщение: Re: PostgreSQL12 and older versions of OpenSSL
Следующее
От: Nikita Glukhov
Дата:
Сообщение: Re: Support for jsonpath .datetime() method