> On 7 Feb 2019, at 05:12, Michael Paquier <michael@paquier.xyz> wrote:
>
> On Wed, Feb 06, 2019 at 11:18:22PM +0100, Daniel Gustafsson wrote:
>> The errorhandling in be_tls_init(), and functions called from it, set the
>> appropriate elevel by the isServerStart. ssl_protocol_version_to_openssl() is
>> however erroring out unconditionally with ERROR on invalid TLS versions. The
>> attached patch adds isServerStart handling to the TLS version handling as well,
>> to make be_tls_init() consistent in its errorhandling.
>
> (Adding Peter Eisentraut in CC)
>
> Good catch, this is an oversight from commit e73e67c7, which affects
> only HEAD. The comment at the top of ssl_protocol_version_to_openssl
> becomes incorrect as the function would not throw an error in a reload
> context.
Doh, managed to completely overlook that. The attached updated patch also
fixes the comment, thanks!
cheers ./daniel