static const char *show_unix_socket_permissions(void);
static const char *show_log_file_mode(void);
static const char *show_data_directory_mode(void);
-static bool check_ssl_min_protocol_version(int *newval, void **extra,
- GucSource source);
-static bool check_ssl_max_protocol_version(int *newval, void **extra,
- GucSource source);
static bool check_recovery_target_timeline(char **newval, void **extra, GucSource source);
static void assign_recovery_target_timeline(const char *newval, void *extra);
static bool check_recovery_target(char **newval, void **extra, GucSource source);
&ssl_min_protocol_version,
PG_TLS1_VERSION,
ssl_protocol_versions_info + 1, /* don't allow PG_TLS_ANY */
- check_ssl_min_protocol_version, NULL, NULL
+ NULL, NULL, NULL
},
{
&ssl_max_protocol_version,
PG_TLS_ANY,
ssl_protocol_versions_info,
- check_ssl_max_protocol_version, NULL, NULL
+ NULL, NULL, NULL
},
/* End-of-list marker */
return buf;
}
-static bool
-check_ssl_min_protocol_version(int *newval, void **extra, GucSource source)
-{
- int new_ssl_min_protocol_version = *newval;
-
- /* PG_TLS_ANY is not supported for the minimum bound */
- Assert(new_ssl_min_protocol_version > PG_TLS_ANY);
-
- if (ssl_max_protocol_version &&
- new_ssl_min_protocol_version > ssl_max_protocol_version)
- {
- GUC_check_errhint("\"%s\" cannot be higher than \"%s\".",
- "ssl_min_protocol_version",
- "ssl_max_protocol_version");
- GUC_check_errcode(ERRCODE_INVALID_PARAMETER_VALUE);
- return false;
- }
-
- return true;
-}
-
-static bool
-check_ssl_max_protocol_version(int *newval, void **extra, GucSource source)
-{
- int new_ssl_max_protocol_version = *newval;
-
- /* if PG_TLS_ANY, there is no need to check the bounds */
- if (new_ssl_max_protocol_version == PG_TLS_ANY)
- return true;
-
- if (ssl_min_protocol_version &&
- ssl_min_protocol_version > new_ssl_max_protocol_version)
- {
- GUC_check_errhint("\"%s\" cannot be lower than \"%s\".",
- "ssl_max_protocol_version",
- "ssl_min_protocol_version");
- GUC_check_errcode(ERRCODE_INVALID_PARAMETER_VALUE);
- return false;
- }
-
- return true;
-}
-
static bool
check_recovery_target_timeline(char **newval, void **extra, GucSource source)
{
if ($ENV{with_openssl} eq 'yes')
{
- plan tests => 77;
+ plan tests => 75;
}
else
{
'restart succeeds with password-protected key file');
$node->_update_pid(1);
-# Test compatibility of SSL protocols.
-# TLSv1.1 is lower than TLSv1.2, so it won't work.
-$node->append_conf(
- 'postgresql.conf',
- qq{ssl_min_protocol_version='TLSv1.2'
-ssl_max_protocol_version='TLSv1.1'});
-command_fails(
- [ 'pg_ctl', '-D', $node->data_dir, '-l', $node->logfile, 'restart' ],
- 'restart fails with incorrect SSL protocol bounds');
-# Go back to the defaults, this works.
-$node->append_conf(
- 'postgresql.conf',
- qq{ssl_min_protocol_version='TLSv1'
-ssl_max_protocol_version=''});
-command_ok(
- [ 'pg_ctl', '-D', $node->data_dir, '-l', $node->logfile, 'restart' ],
- 'restart succeeds with correct SSL protocol bounds');
-
### Run client-side tests.
###
### Test that libpq accepts/rejects the connection correctly, depending
projects / postgresql.git / commitdiff