Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit2f47339

Browse files
committed
Revert "Add GUC checks for ssl_min_protocol_version and ssl_max_protocol_version"
This reverts commit 41aadee, as the GUC checks could run on older valueswith the new values used, and result in incorrect errors if bothparameters are changed at the same time.Per complaint from Tom Lane.Discussion:https://postgr.es/m/27574.1581015893@sss.pgh.pa.usBackpatch-through: 12
1 parent4988d7e commit2f47339

File tree

3 files changed

+4
-69
lines changed

3 files changed

+4
-69
lines changed

‎src/backend/utils/misc/guc.c

Lines changed: 2 additions & 49 deletions
Original file line numberDiff line numberDiff line change
@@ -201,10 +201,6 @@ static bool check_cluster_name(char **newval, void **extra, GucSource source);
201201
staticconstchar*show_unix_socket_permissions(void);
202202
staticconstchar*show_log_file_mode(void);
203203
staticconstchar*show_data_directory_mode(void);
204-
staticboolcheck_ssl_min_protocol_version(int*newval,void**extra,
205-
GucSourcesource);
206-
staticboolcheck_ssl_max_protocol_version(int*newval,void**extra,
207-
GucSourcesource);
208204
staticboolcheck_recovery_target_timeline(char**newval,void**extra,GucSourcesource);
209205
staticvoidassign_recovery_target_timeline(constchar*newval,void*extra);
210206
staticboolcheck_recovery_target(char**newval,void**extra,GucSourcesource);
@@ -4526,7 +4522,7 @@ static struct config_enum ConfigureNamesEnum[] =
45264522
&ssl_min_protocol_version,
45274523
PG_TLS1_VERSION,
45284524
ssl_protocol_versions_info+1,/* don't allow PG_TLS_ANY */
4529-
check_ssl_min_protocol_version,NULL,NULL
4525+
NULL,NULL,NULL
45304526
},
45314527

45324528
{
@@ -4538,7 +4534,7 @@ static struct config_enum ConfigureNamesEnum[] =
45384534
&ssl_max_protocol_version,
45394535
PG_TLS_ANY,
45404536
ssl_protocol_versions_info,
4541-
check_ssl_max_protocol_version,NULL,NULL
4537+
NULL,NULL,NULL
45424538
},
45434539

45444540
/* End-of-list marker */
@@ -11442,49 +11438,6 @@ show_data_directory_mode(void)
1144211438
returnbuf;
1144311439
}
1144411440

11445-
staticbool
11446-
check_ssl_min_protocol_version(int*newval,void**extra,GucSourcesource)
11447-
{
11448-
intnew_ssl_min_protocol_version=*newval;
11449-
11450-
/* PG_TLS_ANY is not supported for the minimum bound */
11451-
Assert(new_ssl_min_protocol_version>PG_TLS_ANY);
11452-
11453-
if (ssl_max_protocol_version&&
11454-
new_ssl_min_protocol_version>ssl_max_protocol_version)
11455-
{
11456-
GUC_check_errhint("\"%s\" cannot be higher than \"%s\".",
11457-
"ssl_min_protocol_version",
11458-
"ssl_max_protocol_version");
11459-
GUC_check_errcode(ERRCODE_INVALID_PARAMETER_VALUE);
11460-
return false;
11461-
}
11462-
11463-
return true;
11464-
}
11465-
11466-
staticbool
11467-
check_ssl_max_protocol_version(int*newval,void**extra,GucSourcesource)
11468-
{
11469-
intnew_ssl_max_protocol_version=*newval;
11470-
11471-
/* if PG_TLS_ANY, there is no need to check the bounds */
11472-
if (new_ssl_max_protocol_version==PG_TLS_ANY)
11473-
return true;
11474-
11475-
if (ssl_min_protocol_version&&
11476-
ssl_min_protocol_version>new_ssl_max_protocol_version)
11477-
{
11478-
GUC_check_errhint("\"%s\" cannot be lower than \"%s\".",
11479-
"ssl_max_protocol_version",
11480-
"ssl_min_protocol_version");
11481-
GUC_check_errcode(ERRCODE_INVALID_PARAMETER_VALUE);
11482-
return false;
11483-
}
11484-
11485-
return true;
11486-
}
11487-
1148811441
staticbool
1148911442
check_recovery_target_timeline(char**newval,void**extra,GucSourcesource)
1149011443
{

‎src/test/ssl/t/001_ssltests.pl

Lines changed: 1 addition & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@
1313

1414
if ($ENV{with_openssl}eq'yes')
1515
{
16-
plantests=>77;
16+
plantests=>75;
1717
}
1818
else
1919
{
@@ -87,24 +87,6 @@
8787
'restart succeeds with password-protected key file');
8888
$node->_update_pid(1);
8989

90-
# Test compatibility of SSL protocols.
91-
# TLSv1.1 is lower than TLSv1.2, so it won't work.
92-
$node->append_conf(
93-
'postgresql.conf',
94-
qq{ssl_min_protocol_version='TLSv1.2'
95-
ssl_max_protocol_version='TLSv1.1'});
96-
command_fails(
97-
['pg_ctl','-D',$node->data_dir,'-l',$node->logfile,'restart' ],
98-
'restart fails with incorrect SSL protocol bounds');
99-
# Go back to the defaults, this works.
100-
$node->append_conf(
101-
'postgresql.conf',
102-
qq{ssl_min_protocol_version='TLSv1'
103-
ssl_max_protocol_version=''});
104-
command_ok(
105-
['pg_ctl','-D',$node->data_dir,'-l',$node->logfile,'restart' ],
106-
'restart succeeds with correct SSL protocol bounds');
107-
10890
### Run client-side tests.
10991
###
11092
### Test that libpq accepts/rejects the connection correctly, depending

‎src/test/ssl/t/SSLServer.pm

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -128,7 +128,7 @@ sub configure_test_server_for_ssl
128128
print$conf"log_statement=all\n";
129129

130130
# enable SSL and set up server key
131-
print$conf"include 'sslconfig.conf'\n";
131+
print$conf"include 'sslconfig.conf'";
132132

133133
close$conf;
134134

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp