check_ssl_key_file_permissions should be in be-secure-common.c
Peter, Daniel,
The recent commit 8a3d9425 which has introduced SSL passphrase support
has also added be-secure-common.c, which works similarly to
fe-secure-common.c but for the backend.
I was just reading this code area, when I noticed that
check_ssl_key_file_permissions is called by be-secure-openssl.c but the
routine is defined in be-secure.c, causing some back-and-forth between
the two files.
It seems to me that this routine should be logically put into
be-secure-common.c so as future SSL implementations can use it. This
makes the code more consistent with the frontend refactoring that has
happened in f75a959. I would not have bothered about this refactoring
if be-secure-openssl.c did not exist yet, but as it does I think that we
should bite the bullet, and do that for v11 so as a good base is in
place for the future.
A patch is attached.
Thanks,
--
Michael
Attachments:
0001-Make-be-secure-common.c-more-consistent-for-future-S.patchtext/x-diff; charset=us-asciiDownload+76-71
On 4/2/18 02:51, Michael Paquier wrote:
It seems to me that this routine should be logically put into
be-secure-common.c so as future SSL implementations can use it. This
makes the code more consistent with the frontend refactoring that has
happened in f75a959. I would not have bothered about this refactoring
if be-secure-openssl.c did not exist yet, but as it does I think that we
should bite the bullet, and do that for v11 so as a good base is in
place for the future.
committed
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services