Movatterモバイル変換


[0]ホーム

URL:


Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Commit84ef9c5

Browse files
committed
Put back ssl_renegotiation_limit parameter, but only allow 0.
Per a report from Shay Rojansky, Npgsql sends ssl_renegotiation_limit=0in the startup packet because it does not support renegotiation; otherclients which have not attempted to support renegotiation might wellbehave similarly. The recent removal of this parameter forces them tobreak compatibility with either current PostgreSQL versions, orprevious ones. Per discussion, the best solution is to accept theparameter but only allow a value of 0.Shay Rojansky, edited a little by me.
1 parent5be94a9 commit84ef9c5

File tree

1 file changed

+19
-0
lines changed
  • src/backend/utils/misc

1 file changed

+19
-0
lines changed

‎src/backend/utils/misc/guc.c

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -436,6 +436,14 @@ inttcp_keepalives_idle;
436436
inttcp_keepalives_interval;
437437
inttcp_keepalives_count;
438438

439+
/*
440+
* SSL renegotiation was been removed in PostgreSQL 9.5, but we tolerate it
441+
* being set to zero (meaning never renegotiate) for backward compatibility.
442+
* This avoids breaking compatibility with clients that have never supported
443+
* renegotiation and therefore always try to zero it.
444+
*/
445+
intssl_renegotiation_limit;
446+
439447
/*
440448
* This really belongs in pg_shmem.c, but is defined here so that it doesn't
441449
* need to be duplicated in all the different implementations of pg_shmem.c.
@@ -2579,6 +2587,17 @@ static struct config_int ConfigureNamesInt[] =
25792587
NULL,assign_tcp_keepalives_interval,show_tcp_keepalives_interval
25802588
},
25812589

2590+
{
2591+
{"ssl_renegotiation_limit",PGC_USERSET,CONN_AUTH_SECURITY,
2592+
gettext_noop("SSL regenotiation is no longer supported; this can only be 0"),
2593+
NULL,
2594+
GUC_NO_SHOW_ALL |GUC_NOT_IN_SAMPLE |GUC_DISALLOW_IN_FILE,
2595+
},
2596+
&ssl_renegotiation_limit,
2597+
0,0,0,
2598+
NULL,NULL,NULL
2599+
},
2600+
25822601
{
25832602
{"tcp_keepalives_count",PGC_USERSET,CLIENT_CONN_OTHER,
25842603
gettext_noop("Maximum number of TCP keepalive retransmits."),

0 commit comments

Comments
 (0)

[8]ページ先頭

©2009-2025 Movatter.jp