On Fri, Mar 26, 2021 at 09:34:03AM -0400, Andrew Dunstan wrote:
> OK, here's a new patch. I hope to commit this within a few days.

Thanks!

+   switch (port->hba->clientcertname)
+   {
+       case clientCertDN:
+           peer_username = port->peer_dn;
+           break;
+       default:
+           peer_username = port->peer_cn;
+   }
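
Review bot: the `default:` arm of this switch sends every clientcertname value other than clientCertDN to port->peer_cn, so if clientcertname is an enum, a value added to it later would be matched against the CN with no compiler warning. Write the arm as `case clientCertCN:` with its own `break;` and drop `default:`, so that an unhandled value shows up at build time instead of silently deciding which certificate field is used as peer_username.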

This does not need a "default".  I think that you should use "case
clientCertCN" instead here.

+              BIO_get_mem_ptr(bio, &bio_buf);
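
Review bot: the result of BIO_get_mem_ptr() is discarded on this line, so if the call fails bio_buf is never set by it and any later read through bio_buf works on a pointer that was not filled in. Test the return value, and on failure free bio and report an error rather than continuing with the certificate name.
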
No status checks?  OpenSSL calls return 1 on success and 0 on failure,
so I would check after <= 0 here.

++                      if (port->hba->clientcertname == clientCertDN)
++                      {
++                              ereport(LOG,
May be better to use a switch() here as well.

It looks like this patch misses src/test/ssl/ssl/client-dn.crt,
causing the SSL tests to fail.
--
Michael
