Re: [HACKERS] PostgreSQL not setting OpenSSL session id context?

Поиск
Список
Период
Сортировка
От Shay Rojansky
Тема Re: [HACKERS] PostgreSQL not setting OpenSSL session id context?
Дата
Msg-id CADT4RqBFWahVhyFea74T2tRbkfMe=KqU4QdJ7XE0c-aHoAesMw@mail.gmail.com
обсуждение исходный текст
Ответ на Re: [HACKERS] PostgreSQL not setting OpenSSL session id context?  (Shay Rojansky <roji@roji.org>)
Ответы Re: [HACKERS] PostgreSQL not setting OpenSSL session id context?  (Andres Freund <andres@anarazel.de>)
Re: [HACKERS] PostgreSQL not setting OpenSSL session id context?  (Tom Lane <tgl@sss.pgh.pa.us>)
Список pgsql-hackers
Дерево обсуждения
I tested the patch.

Doing SSL_CTX_set_session_cache_mode(context, SSL_SESS_CACHE_OFF) doesn't have any effect whatsoever - I still have the same issue (session id context uninitialized). I suspect session caching is an entirely different feature from session tickets/RFC5077 (although it might still be a good idea to disable).

Doing SSL_CTX_set_options(context, SSL_OP_NO_TICKET) indeed resolves the issue, as expected. As I wrote above, I'd remove the #ifdef and execute it always.

I'm still not convinced of the risk/problem of simply setting the session id context as I explained above (rather than disabling the optimization), but of course either solution resolves my problem.

В списке pgsql-hackers по дате отправления:

Предыдущее
От: AP
Дата:
Сообщение: Re: [HACKERS] pgsql 10: hash indexes testing
Следующее
От: Andres Freund
Дата:
Сообщение: Re: [HACKERS] PostgreSQL not setting OpenSSL session id context?