Thread: SSL connection check

SSL connection check

From

Daniel Gustafsson

Date:

17 February 2021, 13:38:45

PgDtc_is_recovery_available use PQgetssl() to check if SSL was used for the
connection.  PQgetssl() is discouraged since it is hardcoded to the OpenSSL
implementation and may fail to identify an SSL connection in case another TLS
backend is added to postgres (a few alternatives have already been discussed on
-hackers).

The attached changes to use PQsslInUse() to perform the check, and removes a
comment which seemed out of place with this (unless I totally misunderstood
it).  PQsslInUse has been available since 9.5, to cope with older libpq
versions, an autoconf check is added for falling back on PQgetssl in 9.4
through to 9.2.

--
Daniel Gustafsson        https://vmware.com/

Attachment

pqgetssl.patch

Re: SSL connection check

From

井上博史

Date:

18 February 2021, 06:27:26

Hi Daniel,

I would take care of the patch.

Thanks.

Hiroshi Inoue

ウイルスフリー｡ www.avg.com

2021年2月17日(水) 19:38 Daniel Gustafsson <daniel@yesql.se>:

PgDtc_is_recovery_available use PQgetssl() to check if SSL was used for the
connection. PQgetssl() is discouraged since it is hardcoded to the OpenSSL
implementation and may fail to identify an SSL connection in case another TLS
backend is added to postgres (a few alternatives have already been discussed on
-hackers).

The attached changes to use PQsslInUse() to perform the check, and removes a
comment which seemed out of place with this (unless I totally misunderstood
it). PQsslInUse has been available since 9.5, to cope with older libpq
versions, an autoconf check is added for falling back on PQgetssl in 9.4
through to 9.2.

--
Daniel Gustafsson https://vmware.com/