From 9188ef57781b09be9aea05860726bae7ce12840a Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Fri, 24 Apr 2020 13:49:11 +0200 Subject: [PATCH] Rename client-side TLS protocol settings Improve readability of client side TLS protocol settings by adding underscores to break up the really long word. The environment vars are kept without underscores to be consistent with (most) other env vars. Reported-by: Peter Eisentraut --- contrib/postgres_fdw/expected/postgres_fdw.out | 2 +- doc/src/sgml/libpq.sgml | 4 ++-- src/interfaces/libpq/fe-connect.c | 14 +++++++------- src/test/ssl/t/001_ssltests.pl | 12 ++++++------ 4 files changed, 16 insertions(+), 16 deletions(-) diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out index 62c2697920..7ae070fbeb 100644 --- a/contrib/postgres_fdw/expected/postgres_fdw.out +++ b/contrib/postgres_fdw/expected/postgres_fdw.out 
@@ -8898,7 +8898,7 @@ DO $d$ END; $d$; ERROR: invalid option "password" -HINT: Valid options in this context are: service, passfile, channel_binding, connect_timeout, dbname, host, hostaddr, port, options, application_name, keepalives, keepalives_idle, keepalives_interval, keepalives_count, tcp_user_timeout, sslmode, sslcompression, sslcert, sslkey, sslrootcert, sslcrl, requirepeer, sslminprotocolversion, sslmaxprotocolversion, gssencmode, krbsrvname, gsslib, target_session_attrs, use_remote_estimate, fdw_startup_cost, fdw_tuple_cost, extensions, updatable, fetch_size +HINT: Valid options in this context are: service, passfile, channel_binding, connect_timeout, dbname, host, hostaddr, port, options, application_name, keepalives, keepalives_idle, keepalives_interval, keepalives_count, tcp_user_timeout, sslmode, sslcompression, sslcert, sslkey, sslrootcert, sslcrl, requirepeer, ssl_min_protocolversion, ssl_max_protocolversion, gssencmode, krbsrvname, gsslib, target_session_attrs, use_remote_estimate, fdw_startup_cost, fdw_tuple_cost, extensions, updatable, fetch_size CONTEXT: SQL statement "ALTER SERVER loopback_nopw OPTIONS (ADD password 'dummypw')" PL/pgSQL function inline_code_block line 3 at EXECUTE -- If we add a password for our user mapping instead, we should get a different diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index 75d2224a61..51cbf4b3a5 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -1737,7 +1737,7 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname - sslminprotocolversion + ssl_min_protocolversion This parameter specifies the minimum SSL/TLS protocol version to allow @@ -1753,7 +1753,7 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname - sslmaxprotocolversion + ssl_max_protocolversion This parameter specifies the maximum SSL/TLS protocol version to allow diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index 0157c619aa..e2882b9f71 100644 --- a/src/interfaces/libpq/fe-connect.c 
+++ b/src/interfaces/libpq/fe-connect.c @@ -320,11 +320,11 @@ static const internalPQconninfoOption PQconninfoOptions[] = { "Require-Peer", "", 10, offsetof(struct pg_conn, requirepeer)}, - {"sslminprotocolversion", "PGSSLMINPROTOCOLVERSION", NULL, NULL, + {"ssl_min_protocolversion", "PGSSLMINPROTOCOLVERSION", NULL, NULL, "SSL-Minimum-Protocol-Version", "", 8, /* sizeof("TLSv1.x") == 8 */ offsetof(struct pg_conn, sslminprotocolversion)}, - {"sslmaxprotocolversion", "PGSSLMAXPROTOCOLVERSION", NULL, NULL, + {"ssl_max_protocolversion", "PGSSLMAXPROTOCOLVERSION", NULL, NULL, "SSL-Maximum-Protocol-Version", "", 8, /* sizeof("TLSv1.x") == 8 */ offsetof(struct pg_conn, sslmaxprotocolversion)}, @@ -1301,14 +1301,14 @@ connectOptions2(PGconn *conn) } /* - * Validate TLS protocol versions for sslminprotocolversion and - * sslmaxprotocolversion. + * Validate TLS protocol versions for ssl_min_protocolversion and + * ssl_max_protocolversion. */ if (!sslVerifyProtocolVersion(conn->sslminprotocolversion)) { conn->status = CONNECTION_BAD; printfPQExpBuffer(&conn->errorMessage, - libpq_gettext("invalid sslminprotocolversion value: \"%s\"\n"), + libpq_gettext("invalid ssl_min_protocolversion value: \"%s\"\n"), conn->sslminprotocolversion); return false; } @@ -1316,7 +1316,7 @@ connectOptions2(PGconn *conn) { conn->status = CONNECTION_BAD; printfPQExpBuffer(&conn->errorMessage, - libpq_gettext("invalid sslmaxprotocolversion value: \"%s\"\n"), + libpq_gettext("invalid ssl_max_protocolversion value: \"%s\"\n"), conn->sslmaxprotocolversion); return false; } @@ -7120,7 +7120,7 @@ pgpassfileWarning(PGconn *conn) /* * Check if the SSL procotol value given in input is valid or not. * This is used as a sanity check routine for the connection parameters - * sslminprotocolversion and sslmaxprotocolversion. + * ssl_min_protocolversion and ssl_max_protocolversion. */ static bool sslVerifyProtocolVersion(const char *version) 
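Review bot: In the `PQconninfoOptions` hunk, the two renamed entries leave one TLS version bound with three spellings: the keyword (`ssl_min_protocolversion`), the environment variable (`PGSSLMINPROTOCOLVERSION`) and the struct field (`sslminprotocolversion`), and nothing on the entries says so. I would add a comment above them such as `/* keyword uses underscores; the env var and pg_conn field keep the unbroken spelling */`, so that someone grepping for one form finds the others. Because these settings bound the TLS version the client will negotiate, a connection string or service file still using the old keyword must be refused rather than connecting with no floor. That depends on the unknown-keyword handling outside this hunk, so it is worth confirming. The array starts and ends outside the hunk.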
diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl index d035ac7fc9..31b4e56587 100644 --- a/src/test/ssl/t/001_ssltests.pl +++ b/src/test/ssl/t/001_ssltests.pl @@ -357,22 +357,22 @@ command_like( # Test min/max SSL protocol versions. test_connect_ok( $common_connstr, - "sslrootcert=ssl/root+server_ca.crt sslmode=require sslminprotocolversion=TLSv1.2 sslmaxprotocolversion=TLSv1.2", + "sslrootcert=ssl/root+server_ca.crt sslmode=require ssl_min_protocolversion=TLSv1.2 ssl_max_protocolversion=TLSv1.2", "connection success with correct range of TLS protocol versions"); test_connect_fails( $common_connstr, - "sslrootcert=ssl/root+server_ca.crt sslmode=require sslminprotocolversion=TLSv1.2 sslmaxprotocolversion=TLSv1.1", + "sslrootcert=ssl/root+server_ca.crt sslmode=require ssl_min_protocolversion=TLSv1.2 ssl_max_protocolversion=TLSv1.1", qr/invalid SSL protocol version range/, "connection failure with incorrect range of TLS protocol versions"); test_connect_fails( $common_connstr, - "sslrootcert=ssl/root+server_ca.crt sslmode=require sslminprotocolversion=incorrect_tls", - qr/invalid sslminprotocolversion value/, + "sslrootcert=ssl/root+server_ca.crt sslmode=require ssl_min_protocolversion=incorrect_tls", + qr/invalid ssl_min_protocolversion value/, "connection failure with an incorrect SSL protocol minimum bound"); test_connect_fails( $common_connstr, - "sslrootcert=ssl/root+server_ca.crt sslmode=require sslmaxprotocolversion=incorrect_tls", - qr/invalid sslmaxprotocolversion value/, + "sslrootcert=ssl/root+server_ca.crt sslmode=require ssl_max_protocolversion=incorrect_tls", + qr/invalid ssl_max_protocolversion value/, "connection failure with an incorrect SSL protocol maximum bound"); ### Server-side tests. -- 2.21.1 (Apple Git-122.3)
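Review bot: The updated cases exercise only the new spellings; none asserts what happens when the old `sslminprotocolversion=` or `sslmaxprotocolversion=` keyword is passed. These options set the client's TLS version bounds, so a later change that made the old keywords silently ignored would remove the bounds without failing any test here. Consider adding a `test_connect_fails` case that passes `sslminprotocolversion=TLSv1.2` and matches libpq's unknown-keyword error, for example `qr/invalid connection option/`, to pin the fail-closed behaviour.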