Обсуждение: SSL connection check

Поиск
Список
Период
Сортировка

SSL connection check

От
Daniel Gustafsson
Дата:
PgDtc_is_recovery_available use PQgetssl() to check if SSL was used for the
connection.  PQgetssl() is discouraged since it is hardcoded to the OpenSSL
implementation and may fail to identify an SSL connection in case another TLS
backend is added to postgres (a few alternatives have already been discussed on
-hackers).

The attached changes to use PQsslInUse() to perform the check, and removes a
comment which seemed out of place with this (unless I totally misunderstood
it).  PQsslInUse has been available since 9.5, to cope with older libpq
versions, an autoconf check is added for falling back on PQgetssl in 9.4
through to 9.2.

--
Daniel Gustafsson        https://vmware.com/
Вложения

Re: SSL connection check

От
井上博史
Дата:
Hi Daniel,

I would take care of the patch.

Thanks.
Hiroshi Inoue

ウイルス フリー。 www.avg.com

2021年2月17日(水) 19:38 Daniel Gustafsson <daniel@yesql.se>:
PgDtc_is_recovery_available use PQgetssl() to check if SSL was used for the
connection.  PQgetssl() is discouraged since it is hardcoded to the OpenSSL
implementation and may fail to identify an SSL connection in case another TLS
backend is added to postgres (a few alternatives have already been discussed on
-hackers).

The attached changes to use PQsslInUse() to perform the check, and removes a
comment which seemed out of place with this (unless I totally misunderstood
it).  PQsslInUse has been available since 9.5, to cope with older libpq
versions, an autoconf check is added for falling back on PQgetssl in 9.4
through to 9.2.

--
Daniel Gustafsson               https://vmware.com/