>> Maybe we can create a lightweight throw-away context in a check hook and ensure
>> the settings work?
>
> Yeah, I was envisioning something like that. The main trick would be
> to ensure that we can't error out, but given that we'd mostly be
> calling OpenSSL code, ensuring that there's no ereport(ERROR)
> shouldn't be too hard.
This is sort being added as already as part of the SNI patchset, so I'll see if
I can steal something from there in case that seems to miss the v19 train.
> But I'd counsel getting the easy bits (1) and (2) out of the way
> first.
Absolutely, the attached is what I had planned for addressing this.
--
Daniel Gustafsson
