On Mon, Jun 07, 2021 at 11:34:24AM -0400, Tom Lane wrote: > Yeah, I'd include the empty-string test just because it's standard > practice in this area of libpq. Whether those tests are actually > triggerable in every case is obscure, but ...
Checking after a NULL string and an empty one is more libpq-ish. > Patch looks sane by eyeball, though I didn't test it. I did, and I could not break it. + SSLerrfree(err); + SSL_CTX_free(SSL_context); + return -1; It seems to me that there is no need to free SSL_context if SSL_set_tlsext_host_name() fails here, except if you'd like to move the check for the SNI above SSL_CTX_free() around L1082. There is no harm as SSL_CTX_free() is a no-op on NULL input. -- Michael
signature.asc
Description: PGP signature
