> On 7 Feb 2019, at 05:12, Michael Paquier <mich...@paquier.xyz> wrote:
>
> On Wed, Feb 06, 2019 at 11:18:22PM +0100, Daniel Gustafsson wrote:
>> The errorhandling in be_tls_init(), and functions called from it, set the
>> appropriate elevel by the isServerStart.  ssl_protocol_version_to_openssl() is
>> however erroring out unconditionally with ERROR on invalid TLS versions.  The
>> attached patch adds isServerStart handling to the TLS version handling as well,
>> to make be_tls_init() consistent in its errorhandling.
>
> (Adding Peter Eisentraut in CC)
>
> Good catch, this is an oversight from commit e73e67c7, which affects
> only HEAD.  The comment at the top of ssl_protocol_version_to_openssl
> becomes incorrect as the function would not throw an error in a reload
> context.

Doh, managed to completely overlook that.  The attached updated patch also
fixes the comment, thanks!

cheers ./daniel

Attachment: openssl_tlsver-v2.patch