NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit414c2fd

committed

Revert "Add GUC checks for ssl_min_protocol_version and ssl_max_protocol_version"

This reverts commit 41aadee, as the GUC checks could run on older valueswith the new values used, and result in incorrect errors if bothparameters are changed at the same time.Per complaint from Tom Lane.Discussion:https://postgr.es/m/27574.1581015893@sss.pgh.pa.usBackpatch-through: 12

1 parentfc7a5e9 commit414c2fdCopy full SHA for 414c2fd

File tree

2 files changed

-68

lines changed

src
- backend/utils/misc
  - guc.c
- test/ssl/t
  - 001_ssltests.pl

2 files changed

-68

lines changed

`‎src/backend/utils/misc/guc.c`

Lines changed: 2 additions & 49 deletions

Original file line number	Diff line number	Diff line change
`@@ -205,10 +205,6 @@ static const char *show_log_file_mode(void);`
`205`	`205`	`staticconstchar*show_data_directory_mode(void);`
`206`	`206`	`staticboolcheck_backtrace_functions(charnewval,voidextra,GucSourcesource);`
`207`	`207`	`staticvoidassign_backtrace_functions(constcharnewval,voidextra);`
`208`		`-staticboolcheck_ssl_min_protocol_version(intnewval,void*extra,`
`209`		`-GucSourcesource);`
`210`		`-staticboolcheck_ssl_max_protocol_version(intnewval,void*extra,`
`211`		`-GucSourcesource);`
`212`	`208`	`staticboolcheck_recovery_target_timeline(charnewval,voidextra,GucSourcesource);`
`213`	`209`	`staticvoidassign_recovery_target_timeline(constcharnewval,voidextra);`
`214`	`210`	`staticboolcheck_recovery_target(charnewval,voidextra,GucSourcesource);`
`@@ -4657,7 +4653,7 @@ static struct config_enum ConfigureNamesEnum[] =`
`4657`	`4653`	`&ssl_min_protocol_version,`
`4658`	`4654`	`PG_TLS1_2_VERSION,`
`4659`	`4655`	`ssl_protocol_versions_info+1,/* don't allow PG_TLS_ANY */`
`4660`		`-check_ssl_min_protocol_version,NULL,NULL`
	`4656`	`+NULL,NULL,NULL`
`4661`	`4657`	`},`
`4662`	`4658`
`4663`	`4659`	`{`
`@@ -4669,7 +4665,7 @@ static struct config_enum ConfigureNamesEnum[] =`
`4669`	`4665`	`&ssl_max_protocol_version,`
`4670`	`4666`	`PG_TLS_ANY,`
`4671`	`4667`	`ssl_protocol_versions_info,`
`4672`		`-check_ssl_max_protocol_version,NULL,NULL`
	`4668`	`+NULL,NULL,NULL`
`4673`	`4669`	`},`
`4674`	`4670`
`4675`	`4671`	`/* End-of-list marker */`
`@@ -11642,49 +11638,6 @@ assign_backtrace_functions(const char newval, void extra)`
`11642`	`11638`	`backtrace_symbol_list= (char*)extra;`
`11643`	`11639`	`}`
`11644`	`11640`
`11645`		`-staticbool`
`11646`		`-check_ssl_min_protocol_version(intnewval,void*extra,GucSourcesource)`
`11647`		`-{`
`11648`		`-intnew_ssl_min_protocol_version=*newval;`
`11649`		`-`
`11650`		`-/* PG_TLS_ANY is not supported for the minimum bound */`
`11651`		`-Assert(new_ssl_min_protocol_version>PG_TLS_ANY);`
`11652`		`-`
`11653`		`-if (ssl_max_protocol_version&&`
`11654`		`-new_ssl_min_protocol_version>ssl_max_protocol_version)`
`11655`		`-{`
`11656`		`-GUC_check_errhint("\"%s\" cannot be higher than \"%s\".",`
`11657`		`-"ssl_min_protocol_version",`
`11658`		`-"ssl_max_protocol_version");`
`11659`		`-GUC_check_errcode(ERRCODE_INVALID_PARAMETER_VALUE);`
`11660`		`-return false;`
`11661`		`-}`
`11662`		`-`
`11663`		`-return true;`
`11664`		`-}`
`11665`		`-`
`11666`		`-staticbool`
`11667`		`-check_ssl_max_protocol_version(intnewval,void*extra,GucSourcesource)`
`11668`		`-{`
`11669`		`-intnew_ssl_max_protocol_version=*newval;`
`11670`		`-`
`11671`		`-/* if PG_TLS_ANY, there is no need to check the bounds */`
`11672`		`-if (new_ssl_max_protocol_version==PG_TLS_ANY)`
`11673`		`-return true;`
`11674`		`-`
`11675`		`-if (ssl_min_protocol_version&&`
`11676`		`-ssl_min_protocol_version>new_ssl_max_protocol_version)`
`11677`		`-{`
`11678`		`-GUC_check_errhint("\"%s\" cannot be lower than \"%s\".",`
`11679`		`-"ssl_max_protocol_version",`
`11680`		`-"ssl_min_protocol_version");`
`11681`		`-GUC_check_errcode(ERRCODE_INVALID_PARAMETER_VALUE);`
`11682`		`-return false;`
`11683`		`-}`
`11684`		`-`
`11685`		`-return true;`
`11686`		`-}`
`11687`		`-`
`11688`	`11641`	`staticbool`
`11689`	`11642`	`check_recovery_target_timeline(charnewval,voidextra,GucSourcesource)`
`11690`	`11643`	`{`

`‎src/test/ssl/t/001_ssltests.pl`

Lines changed: 1 addition & 19 deletions

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@`
`13`	`13`
`14`	`14`	`if ($ENV{with_openssl}eq'yes')`
`15`	`15`	`{`
`16`		`-plantests=>93;`
	`16`	`+plantests=>91;`
`17`	`17`	`}`
`18`	`18`	`else`
`19`	`19`	`{`
`@@ -97,24 +97,6 @@`
`97`	`97`	`'restart succeeds with password-protected key file');`
`98`	`98`	`$node->_update_pid(1);`
`99`	`99`
`100`		`-# Test compatibility of SSL protocols.`
`101`		`-# TLSv1.1 is lower than TLSv1.2, so it won't work.`
`102`		`-$node->append_conf(`
`103`		`-'postgresql.conf',`
`104`		`-qq{ssl_min_protocol_version='TLSv1.2'`
`105`		`-ssl_max_protocol_version='TLSv1.1'});`
`106`		`-command_fails(`
`107`		`-['pg_ctl','-D',$node->data_dir,'-l',$node->logfile,'restart' ],`
`108`		`-'restart fails with incorrect SSL protocol bounds');`
`109`		`-# Go back to the defaults, this works.`
`110`		`-$node->append_conf(`
`111`		`-'postgresql.conf',`
`112`		`-qq{ssl_min_protocol_version='TLSv1.2'`
`113`		`-ssl_max_protocol_version=''});`
`114`		`-command_ok(`
`115`		`-['pg_ctl','-D',$node->data_dir,'-l',$node->logfile,'restart' ],`
`116`		`-'restart succeeds with correct SSL protocol bounds');`
`117`		`-`
`118`	`100`	`### Run client-side tests.`
`119`	`101`	`###`
`120`	`102`	`### Test that libpq accepts/rejects the connection correctly, depending`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit414c2fd

File tree

2 files changed

2 files changed

`‎src/backend/utils/misc/guc.c`

`‎src/test/ssl/t/001_ssltests.pl`

0 commit comments