Re: [HACKERS] Support for Secure Transport SSL library on macOS as OpenSSL alternative

From Daniel Gustafsson
Subject Re: [HACKERS] Support for Secure Transport SSL library on macOS as OpenSSL alternative
Date
Msg-id 46267FA6-7F40-4E7B-A143-A90C3BD390BF@yesql.se
In reply to Re: [HACKERS] Support for Secure Transport SSL library on macOS as OpenSSL alternative  (Thomas Munro <thomas.munro@enterprisedb.com>)
Responses Re: [HACKERS] Support for Secure Transport SSL library on macOS as OpenSSL alternative  (Michael Paquier <michael.paquier@gmail.com>)
List pgsql-hackers
> On 19 Aug 2017, at 23:13, Thomas Munro <thomas.munro@enterprisedb.com> wrote:
>
> On Sun, Aug 20, 2017 at 8:10 AM, Thomas Munro
> <thomas.munro@enterprisedb.com> wrote:
>> On Fri, Aug 18, 2017 at 2:14 AM, Daniel Gustafsson <daniel@yesql.se> wrote:
>>> Attached is an updated set of patches, rebased on top of master, with bug fixes
>>> and additional features missing in the first set.  While not complete (yet), in
>>> case anyone is testing this I’d rather send a fresh batch rather than sitting
>>> on them too long while I keep hacking at the docs.  While not every part of
>>> this rather large changeset has been touched, this includes all the patches for
>>> completeness sake.
>>
>> Hi,
>>
>> +#if defined(USE_OPENSSL) || defined(USE_SECURETRANSPORT)
>> #define USE_SSL
>> +#if defined(USE_OPENSSL)
>> +#define SSL_LIBRARY "OpenSSL"
>> +#elif defined(USE_SECURETRANSPORT)
>> +#define SSL_LIBRARY "Secure Transport"
>> +#endif
>> #endif
>>
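Review bot: SSL_LIBRARY is defined only inside the outer `#if defined(USE_OPENSSL) || defined(USE_SECURETRANSPORT)` block, so in a build with neither macro set it is never defined and any unconditional reference to it fails to compile (the guc.c error quoted below). Either add an `#else` branch to the outer conditional that gives SSL_LIBRARY a defined value for non-SSL builds, or wrap every use of SSL_LIBRARY in `#ifdef USE_SSL`; a short comment next to the define stating which of the two is intended would keep later callers from guessing.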
>> If you configure with neither --with-securetransport nor
>> --with-openssl then SSL_LIBRARY finishes up undefined, and then guc.c
>> doesn't compile:
>>
>> ccache gcc -Wall -Wmissing-prototypes -Wpointer-arith
>> -Wdeclaration-after-statement -Wendif-labels
>> -Wmissing-format-attribute -Wformat-security -fno-strict-aliasing
>> -fwrapv -fexcess-precision=standard -g -O2 -I. -I.
>> -I../../../../src/include  -D_GNU_SOURCE   -c -o guc.o guc.c
>> guc.c:3309:3: error: ‘SSL_LIBRARY’ undeclared here (not in a function)
>>   SSL_LIBRARY,
>>   ^~~~~~~~~~~
>>
>> I guess it should have a fallback definition, though I don't know what
>> it should be.
>
> Or maybe the guc should only exist if SSL_LIBRARY is defined?

I think the intended use case of the GUC should drive the decision on fallback.
If the GUC isn’t supposed to be a way to figure out if the server was built
with SSL support, then not existing in non-SSL backends is fine.  If, however,
we want to allow using the GUC to see if the server has SSL support, then there
needs to be a “None” or similar value for that case.

Personally I think there is risk of regrets down the line if this GUC is used
for two things, but that’s more of a gut feeling than scientifically studied.

Clearly there shouldn’t be a compilation error in either case, sorry about
missing that in the submission.

cheers ./daniel

