Re: Setting min/max TLS protocol in clientside libpq - Mailing list pgsql-hackers

From Daniel Gustafsson
Subject Re: Setting min/max TLS protocol in clientside libpq
Date
Msg-id C0F9DE97-1425-4AFC-8074-B08178EEACBF@yesql.se
Whole thread Raw
In response to Re: Setting min/max TLS protocol in clientside libpq  (Michael Paquier <michael@paquier.xyz>)
Responses Re: Setting min/max TLS protocol in clientside libpq
List pgsql-hackers
> On 16 Jan 2020, at 04:22, Michael Paquier <michael@paquier.xyz> wrote:
>
> On Wed, Jan 15, 2020 at 02:58:09PM +0900, Michael Paquier wrote:
>> On Tue, Jan 14, 2020 at 11:01:00PM +0100, Daniel Gustafsson wrote:
>>> Files renamed to match existing naming convention, the rest of the patch left
>>> unchanged.
>>
>> [previous review]
>
> One thing I remembered after sleeping on it is that we can split the
> patch into two parts: the refactoring pieces and the addition of the
> options for libpq.

Correct, they are mostly independent (the refactoring doesn't make a lot of
sense without the follow-up patch, but the min/max patch can be kept more
readable without the refactoring in it as well).

> The previous review mostly impacts the libpq part,
> and the split is straight-forward, so attached is a patch for only the
> refactoring pieces with some fixes and tweaks.  I have tested it with
> and without OpenSSL, using 1.0.2 and 1.1.0 on Linux and Windows
> (MSVC).  Those tests have allowed me to find an error in the previous
> patch that I missed: the new files openssl.h and protocol_openssl.c
> still declared SSL_CTX_set_min/max_proto_version as static functions,
> so compilation was broken when trying to use OpenSSL <= 1.0.2.

Doh .. thanks.

> If that looks fine, I would like to get that part committed first.
> Daniel, any thoughts?

The patch looks fine to me, I don't an issue with splitting it into a
refactoring patch and a TLS min/max version patch.

cheers ./daniel


pgsql-hackers by date:

Previous
From: Fabien COELHO
Date:
Subject: Re: [PATCH v1] pg_ls_tmpdir to show directories
Next
From: vignesh C
Date:
Subject: Re: Option to dump foreign data in pg_dump