Обсуждение: TLS checking in pgstat
As I mentioned in [1], checking (struct Port)->ssl for NULL to determine whether TLS is used for connection is a bit of a leaky abstraction, as that's an OpenSSL specific struct member. This sets the requirement that all TLS implementations use a pointer named SSL, and that the pointer is set to NULL in case of a failed connection, which may or may not fit. Is there a reason to not use (struct Port)->ssl_in_use flag which tracks just what we're looking for here? This also maps against other parts of the abstraction in be-secure.c which do just that. The attached implements this. cheers ./daniel [1] FAB21FC8-0F62-434F-AA78-6BD9336D630A@yesql.se
Вложения
On Sun, Jun 28, 2020 at 1:39 PM Daniel Gustafsson <daniel@yesql.se> wrote:
As I mentioned in [1], checking (struct Port)->ssl for NULL to determine
whether TLS is used for connection is a bit of a leaky abstraction, as that's
an OpenSSL specific struct member. This sets the requirement that all TLS
implementations use a pointer named SSL, and that the pointer is set to NULL in
case of a failed connection, which may or may not fit.
Is there a reason to not use (struct Port)->ssl_in_use flag which tracks just
what we're looking for here? This also maps against other parts of the
abstraction in be-secure.c which do just that. The attached implements this.
Yeah, this seems perfectly reasonable.
I would argue this is a bug, but given how internal it is I don't think it has any user visible effects yet (since we don't have more than one provider), and thus isn't worthy of a backpatch.
Pushed.