On Mon, Jan 29, 2018 at 09:16:56PM -0500, Peter Eisentraut wrote: > On 1/28/18 23:43, Michael Paquier wrote: >> The comment at the top of PQinitSSL mentions OpenSSL, you may want to >> get rid of it as well. > > I think that whole business is actually obsolete as of OpenSSL 1.1.0 and > not applicable to GnuTLS, so we might just leave it to die with some > appropriate documentation updates.
Yes, that would be fine as well. >> To be honest, I find this refactoring confusing. As things stand on >> HEAD, fe-secure.c depends on the contents of fe-secure-openssl.c, and >> the dependency goes only in one direction. With your patch, you also >> make fe-secure-openssl.c call things within fe-secure.c. It seems to me >> that a cleaner split would be to introduce a common file for all the >> low-level routines like the two ones you are introducing here, say >> fe-secure-common.c. aND pq_verify_peer_name_matches_certificate_name and >> pq_verify_peer_name_matches_certificate should be moved to that. > > I like that. Updated patch attached. Thanks for the new version. This looks sane to me. ifeq ($(with_openssl),yes) -OBJS += fe-secure-openssl.o sha2_openssl.o +OBJS += fe-secure-openssl.o fe-secure-common.o sha2_openssl.o else As fe-secure-common.c will only be built with SSL builds, you need also to tweak Mkvcbuild.pm and remove it from libpq's compilation. + /* If string does not end in pattern (minus the wildcard), we don't + * match */ Such comment blocks are not Postgres-like. src/interfaces/libpq/nls.mk is updated automatically with translations by the way? -- Michael
signature.asc
Description: PGP signature
