I hope I didn't joggle your elbow reviewing this, Jacob, but I spent
some time rebasing and fixing various little things:

- Incorporated Matthias's test changes
- Squashed the client, server and documentation patches. Not much point
in keeping them separate, as one requires the other, and if you're only
interested e.g. in the server parts, just look at src/backend.
- Squashed some of my refactorings with the main patches, because I'm
certain enough that they're desirable. I kept the last libpq state
machine refactoring separate though. I'm pretty sure we need a
refactoring like that, but I'm not 100% sure about the details.
- Added some comments to the new state machine logic in fe-connect.c.
- Removed the XXX comments about TLS alerts.
- Removed the "Allow pipelining data after ssl request" patch.
- Reordered the patches so that the first two patches add the tests
for different combinations of sslmode, gssencmode and server support. That
could be committed separately, without the rest of the patches. A later
patch expands the tests for the new sslnegotiation option.

The tests are still not distinguishing whether a connection was
established in direct or negotiated mode. So if we e.g. had a bug that
accidentally disabled direct SSL connection completely and always used
negotiated mode, the tests would still pass. I'd like to see some tests
that would catch that.
--
Heikki Linnakangas
Neon (https://neon.tech)