Andres Freund <andres@anarazel.de> writes: > Having to backpatch a new parameter to all supported versions seems far > more invasive than adding a guc that can only be set to one value.
Indeed. It is completely stupid to do this in any other way except by reinstating ssl_renegotiation_limit as an ordinary GUC variable whose min and max are both zero.
Agreed, my suggestion requires we can set that GUC, but we can set not-in-file also.
Quite aside from the implementation effort of inventing some single-purpose kluge to do it another way, that solution would also cover the complaints we're doubtless gonna get that "SET ssl_renegotiation_limit = 0" doesn't work anymore.
Agreed, single purpose kluge is a bad thing.
Rough patch for the extensible, backpatchable, non-invasive proposal attached.
--
Simon Riggs http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services