Re: Support for Secure Transport SSL library on macOS as OpenSSL alternative

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Thomas Munro <thomas(dot)munro(at)enterprisedb(dot)com>
Cc: PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
Subject: Re: Support for Secure Transport SSL library on macOS as OpenSSL alternative
Date: 2017-08-20 21:21:47
Message-ID: 46267FA6-7F40-4E7B-A143-A90C3BD390BF@yesql.se
Lists: pgsql-hackers

> On 19 Aug 2017, at 23:13, Thomas Munro <thomas(dot)munro(at)enterprisedb(dot)com> wrote:
>
> On Sun, Aug 20, 2017 at 8:10 AM, Thomas Munro
> <thomas(dot)munro(at)enterprisedb(dot)com> wrote:
>> On Fri, Aug 18, 2017 at 2:14 AM, Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
>>> Attached is an updated set of patches, rebased on top of master, with bug fixes
>>> and additional features missing in the first set. While not complete (yet), in
>>> case anyone is testing this I’d rather send a fresh batch rather than sitting
>>> on them too long while I keep hacking at the docs. While not every part of
>>> this rather large changeset has been touched, this includes all the patches for
>>> completeness' sake.
>>
>> Hi,
>>
>> +#if defined(USE_OPENSSL) || defined(USE_SECURETRANSPORT)
>> #define USE_SSL
>> +#if defined(USE_OPENSSL)
>> +#define SSL_LIBRARY "OpenSSL"
>> +#elif defined(USE_SECURETRANSPORT)
>> +#define SSL_LIBRARY "Secure Transport"
>> +#endif
>> #endif
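Review bot: SSL_LIBRARY has no definition when neither USE_OPENSSL nor USE_SECURETRANSPORT is set, because both `#define SSL_LIBRARY` lines sit inside the outer `#if defined(USE_OPENSSL) || defined(USE_SECURETRANSPORT)` block, so any unconditional use of the macro fails to compile in a non-SSL build. Either add a fallback definition outside that block or guard every use of SSL_LIBRARY with `#ifdef USE_SSL`, and add a comment stating which of the two behaviours is intended.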
>>
>> If you configure with neither --with-securetransport nor
>> --with-openssl then SSL_LIBRARY finishes up undefined, and then guc.c
>> doesn't compile:
>>
>> ccache gcc -Wall -Wmissing-prototypes -Wpointer-arith
>> -Wdeclaration-after-statement -Wendif-labels
>> -Wmissing-format-attribute -Wformat-security -fno-strict-aliasing
>> -fwrapv -fexcess-precision=standard -g -O2 -I. -I.
>> -I../../../../src/include -D_GNU_SOURCE -c -o guc.o guc.c
>> guc.c:3309:3: error: ‘SSL_LIBRARY’ undeclared here (not in a function)
>> SSL_LIBRARY,
>> ^~~~~~~~~~~
>>
>> I guess it should have a fallback definition, though I don't know what
>> it should be.
>
> Or maybe the guc should only exist if SSL_LIBRARY is defined?

I think the intended use case of the GUC should drive the decision on fallback.
If the GUC isn’t supposed to be a way to figure out if the server was built
with SSL support, then not existing in non-SSL backends is fine. If, however,
we want to allow using the GUC to see if the server has SSL support, then there
needs to be a “None” or similar value for that case.

Personally I think there is risk of regrets down the line if this GUC is used
for two things, but that's more of a gut feeling than scientifically studied.

Clearly there shouldn’t be a compilation error in either case, sorry about
missing that in the submission.

cheers ./daniel
