Re: TLS checking in pgstat
| От | Magnus Hagander |
|---|---|
| Тема | Re: TLS checking in pgstat |
| Дата | |
| Msg-id | CABUevEzmYtDtbsZc2GSDLPJWu=ba35-nZjJBUhNb2ORovxaHHg@mail.gmail.com обсуждение исходный текст |
| Ответ на | TLS checking in pgstat (Daniel Gustafsson <daniel@yesql.se>) |
| Список | pgsql-hackers |
On Sun, Jun 28, 2020 at 1:39 PM Daniel Gustafsson <daniel@yesql.se> wrote:
As I mentioned in [1], checking (struct Port)->ssl for NULL to determine
whether TLS is used for connection is a bit of a leaky abstraction, as that's
an OpenSSL specific struct member. This sets the requirement that all TLS
implementations use a pointer named SSL, and that the pointer is set to NULL in
case of a failed connection, which may or may not fit.
Is there a reason to not use (struct Port)->ssl_in_use flag which tracks just
what we're looking for here? This also maps against other parts of the
abstraction in be-secure.c which do just that. The attached implements this.
Yeah, this seems perfectly reasonable.
I would argue this is a bug, but given how internal it is I don't think it has any user visible effects yet (since we don't have more than one provider), and thus isn't worthy of a backpatch.
Pushed.
В списке pgsql-hackers по дате отправления: