Postgres Pro
Downloads
Home   >   mailing lists

Re: libpq sslpassword parameter and callback function - Mailing list pgsql-hackers

From Andrew Dunstan
Subject Re: libpq sslpassword parameter and callback function
Date
Msg-id db3637c3-a210-8c1b-3be3-526cbf07e618@2ndQuadrant.com
Whole thread Raw
In response to Re: libpq sslpassword parameter and callback function  (Greg Nancarrow <gregn4422@gmail.com>)
Responses Re: libpq sslpassword parameter and callback function  (Noah Misch <noah@leadboat.com>)
List pgsql-hackers
Tree view 
On 11/28/19 10:25 PM, Greg Nancarrow wrote:
> The following review has been posted through the commitfest application:
> make installcheck-world:  tested, passed
> Implements feature:       tested, passed
> Spec compliant:           tested, passed
> Documentation:            tested, failed
>
> Hi Andrew,
>
> I've reviewed your "libpq sslpassword parameter and callback function" patch
(0001-libpq-sslpassword-der-support.patch),and only found a few minor things (otherwise it looked good to me):
 
>
> 1) There's a few trailing white-space warnings on patch application (from where you modified to skip 2 of the
tests):
> git apply 0001-libpq-sslpassword-der-support.patch
> 0001-libpq-sslpassword-der-support.patch:649: trailing whitespace.
>     # so they don't hang. For now they are not performed. 
> 0001-libpq-sslpassword-der-support.patch:659: trailing whitespace.
>     
> warning: 2 lines add whitespace errors.
>
>
> 2) src/interfaces/libpq/libpq-fe.h
> The following portion of the comment should be removed.
>
> + * 2ndQPostgres extension. If you need to be compatible with unpatched libpq
> + * you must dlsym() these.
>
> 3) Documentation for the "PQsslpassword" function should be added to the libpq "33.2 Connection Status Functions"
section.
>
>
> I made the following notes about how/what I reviewed and tested:
>
> - Applied patch and built Postgres (--with-openssl --enable-tap-tests), checked build output
> - Checked patch code modifications (format, logic, memory usage, efficiency, corner cases etc.)
> - Built documentation and checked updated portions (format, grammar, details, completeness etc.)
> - Checked test updates 
> - Ran updated contrib/dblink tests - confirmed all passed
> - Ran updated SSL (TAP) tests - confirmed all passed
> - Ran "make installcheck-world", as per review requirements
> - Wrote small libpq-based app to test:
>   - new APIs (PQsslpassword, PQsetSSLKeyPassHook, PQgetSSLKeyPassHook, PQdefaultSSLKeyPassHook)
>   - passphrase-protected key with/without patch
>   - patch with/without new key password callack
>   - patch and certificate with/without pass phrase protection on key
>   - default callback, callback delegation
>   - PEM/DER keys
>
>


Thanks, nice thorough review.


Here's an updated patch that I think fixes all the things you mentioned.
I plan to commit this tomorrow.


cheers


andrew


-- 
Andrew Dunstan                https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Attachment

pgsql-hackers by date:

Previous
From: Masahiko Sawada
Date:
Subject: Re: [HACKERS] Block level parallel vacuum
Next
From: Tom Lane
Date:
Subject: Re: Update minimum SSL version