Re: Improve errors when setting incorrect bounds for SSL protocols - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Improve errors when setting incorrect bounds for SSL protocols
Date
Msg-id 27574.1581015893@sss.pgh.pa.us
Whole thread Raw
In response to Re: Improve errors when setting incorrect bounds for SSL protocols  (Michael Paquier <michael@paquier.xyz>)
Responses Re: Improve errors when setting incorrect bounds for SSL protocols
List pgsql-hackers
Michael Paquier <michael@paquier.xyz> writes:
> On Thu, Jan 16, 2020 at 10:00:52AM +0900, Michael Paquier wrote:
>> Thanks for the review.  Let's wait a couple of days to see if others
>> have objections or more comments about this patch, but I'd like to
>> fix the issue and backpatch down to 12 where the parameters have been
>> introduced.

> And committed.

I just happened to look at this patch while working on the release notes.
I think this is a bad idea and very probably creates worse problems than
it fixes.  As we have learned painfully in the past, you can't have GUC
check or assign hooks that look at other GUC variables, because that
creates order-of-operations problems.  If a postgresql.conf update is
trying to change both values (hardly an unlikely scenario, for this
pair of variables) then the checks are going to be comparing against the
old values of the other variables, leading to either incorrect rejections
of valid states or incorrect acceptances of invalid states.  It's pure
accident that the particular cases tested in the regression tests behave
sanely.

I think this should be reverted.  Perhaps there's a way to do it without
these problems, but we failed to find one in the past.

            regards, tom lane



pgsql-hackers by date:

Previous
From: Robert Haas
Date:
Subject: Re: Make ringbuffer threshold and ringbuffer sizes configurable?
Next
From: Peter Eisentraut
Date:
Subject: Re: Dumping/restoring fails on inherited generated column