Thread: SSL connection check
PgDtc_is_recovery_available use PQgetssl() to check if SSL was used for the connection. PQgetssl() is discouraged since it is hardcoded to the OpenSSL implementation and may fail to identify an SSL connection in case another TLS backend is added to postgres (a few alternatives have already been discussed on -hackers). The attached changes to use PQsslInUse() to perform the check, and removes a comment which seemed out of place with this (unless I totally misunderstood it). PQsslInUse has been available since 9.5, to cope with older libpq versions, an autoconf check is added for falling back on PQgetssl in 9.4 through to 9.2. -- Daniel Gustafsson https://vmware.com/
Attachment
Hi Daniel,
I would take care of the patch.
Thanks.
Hiroshi Inoue
2021年2月17日(水) 19:38 Daniel Gustafsson <daniel@yesql.se>:
PgDtc_is_recovery_available use PQgetssl() to check if SSL was used for the
connection. PQgetssl() is discouraged since it is hardcoded to the OpenSSL
implementation and may fail to identify an SSL connection in case another TLS
backend is added to postgres (a few alternatives have already been discussed on
-hackers).
The attached changes to use PQsslInUse() to perform the check, and removes a
comment which seemed out of place with this (unless I totally misunderstood
it). PQsslInUse has been available since 9.5, to cope with older libpq
versions, an autoconf check is added for falling back on PQgetssl in 9.4
through to 9.2.
--
Daniel Gustafsson https://vmware.com/