> On 5 Mar 2021, at 08:04, Michael Paquier <mich...@paquier.xyz> wrote: > > On Thu, Mar 04, 2021 at 11:52:56PM +0100, Daniel Gustafsson wrote: >> The attached version takes a step further and removes sslcompression from >> pg_conn and just eats the value as there is no use in setting a dummy alue. >> It >> also removes compression from PgBackendSSLStatus and be_tls_get_compression >> as >> raised by Michael downthread. I opted for keeping the column in pg_stat_ssl >> with a note in the documentation that it will be removed, for the same >> backwards compatibility reason of eating the connection param without acting >> on >> it. This might be overthinking it however. > > FWIW, I would vote to nuke it from all those places, reducing a bit > pg_stat_get_activity() while on it. Keeping it around in the system > catalogs may cause confusion IMHO, by making people think that it is > still possible to get into configurations where sslcompression could > be really enabled. The rest of the patch looks fine to me.
Attached is a version which removes that as well. I left the compression keyword in PQsslAttribute on purpose, not really for backwards compatibility (PQsslAttributeNames takes care of that) but rather since it's a more generic connection-info function. -- Daniel Gustafsson https://vmware.com/
v5-0001-Disallow-SSL-compression.patch
Description: Binary data
