TLS checking in pgstat
As I mentioned in [1], checking (struct Port)->ssl for NULL to determine
whether TLS is used for connection is a bit of a leaky abstraction, as that's
an OpenSSL specific struct member. This sets the requirement that all TLS
implementations use a pointer named SSL, and that the pointer is set to NULL in
case of a failed connection, which may or may not fit.
Is there a reason to not use (struct Port)->ssl_in_use flag which tracks just
what we're looking for here? This also maps against other parts of the
abstraction in be-secure.c which do just that. The attached implements this.
cheers ./daniel
[1]: FAB21FC8-0F62-434F-AA78-6BD9336D630A@yesql.se
Attachments:
ssl_reporting.patch (application/octet-stream; x-unix-mode=0644; +1 -2)
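Added example, not part of the original thread and not PostgreSQL source: a simplified stand-in for struct Port showing where the ->ssl pointer check and the ->ssl_in_use flag disagree. The alt_tls member, the void * typing, the constructor functions and the two non-OpenSSL provider behaviours are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for the backend's struct Port: the two members the
 * thread names, plus one hypothetical member for a second TLS provider. */
typedef struct Port {
    bool  ssl_in_use;  /* provider-agnostic: true once a TLS session is up */
    void *ssl;         /* OpenSSL-specific handle (typed void * here) */
    void *alt_tls;     /* hypothetical handle of a non-OpenSSL provider */
} Port;

/* The check the thread calls a leaky abstraction. */
static bool tls_by_pointer(const Port *p) { return p->ssl != NULL; }

/* The check the thread proposes instead. */
static bool tls_by_flag(const Port *p) { return p->ssl_in_use; }

static int fake_session;  /* constructed placeholder for a session object */

/* Constructed connection states. */
static Port plain_conn(void)   { Port p = { false, NULL, NULL };          return p; }
static Port openssl_conn(void) { Port p = { true,  &fake_session, NULL }; return p; }
/* Second provider: TLS is up, but it never touches ->ssl. */
static Port alt_conn(void)     { Port p = { true,  NULL, &fake_session }; return p; }
/* Provider that keeps its handle allocated after a failed handshake. */
static Port failed_conn(void)  { Port p = { false, &fake_session, NULL }; return p; }

/* True when both checks report the same TLS state for a connection. */
static bool checks_agree(Port p) { return tls_by_pointer(&p) == tls_by_flag(&p); }

int main(void)
{
    struct { const char *name; Port port; } cases[] = {
        { "plaintext",                 plain_conn()   },
        { "OpenSSL, TLS up",           openssl_conn() },
        { "other provider, TLS up",    alt_conn()     },
        { "handshake failed, ptr set", failed_conn()  },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-26s pointer=%d flag=%d agree=%d\n", cases[i].name,
               tls_by_pointer(&cases[i].port), tls_by_flag(&cases[i].port),
               checks_agree(cases[i].port));
    return 0;
}
```

With a single OpenSSL provider the two checks agree, which matches the reply's remark that there is no user-visible effect yet; the last two cases are where statistics built on the pointer check would misreport TLS state.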
On Sun, Jun 28, 2020 at 1:39 PM Daniel Gustafsson <daniel@yesql.se> wrote:
> As I mentioned in [1], checking (struct Port)->ssl for NULL to determine
> whether TLS is used for connection is a bit of a leaky abstraction, as that's
> an OpenSSL specific struct member. This sets the requirement that all TLS
> implementations use a pointer named SSL, and that the pointer is set to NULL in
> case of a failed connection, which may or may not fit.
> Is there a reason to not use (struct Port)->ssl_in_use flag which tracks just
> what we're looking for here? This also maps against other parts of the
> abstraction in be-secure.c which do just that. The attached implements this.
Yeah, this seems perfectly reasonable.
I would argue this is a bug, but given how internal it is I don't think it
has any user visible effects yet (since we don't have more than one
provider), and thus isn't worthy of a backpatch.
Pushed.
--
Magnus Hagander
Me: https://www.hagander.net/
Work: https://www.redpill-linpro.com/