On 2019-09-27 03:51, Michael Paquier wrote: > I have tested compilation of REL_12_STABLE with the top of OpenSSL > 0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0 and 1.1.1. Our SSL tests also pass > in all the setups I have tested.
great > Your patch does not issue a ereport(LOG/FATAL) in the event of a > failure with SSL_CTX_set_max_proto_version(), which is something done > when ssl_protocol_version_to_openssl()'s result is -1. Wouldn't it be > better to report that properly to the user? Our SSL_CTX_set_max_proto_version() is a reimplementation of a function that exists in newer versions of OpenSSL, so it has a specific error behavior. Our implementation should probably not diverge from it too much. > Some more nits about the patch I have. Would it be worth copying the > comment from min_proto_version() to SSL_CTX_set_max_proto_version()? > I would add a newline before the comment block as well. ok -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
