On Tue, Mar 09, 2021 at 02:18:52AM +0000, Michael Paquier wrote: > Remove support for SSL compression > > PostgreSQL disabled compression as of e3bdb2d and the documentation > recommends against using it since. Additionally, SSL compression has > been disabled in OpenSSL since version 1.1.0, and was disabled in many > distributions long before that. The most recent TLS version, TLSv1.3, > disallows compression at the protocol level.
(Adding Daniel in CC) So, this is breaking a test case in crake where an upgrade from 9.3 is done with a FDW server using this option that gets restored: https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=crake&dt=2021-03-09%2002%3A32%3A29 pg_restore: while PROCESSING TOC: pg_restore: from TOC entry 1541; 1417 55431 SERVER testserver1 buildfarm pg_restore: error: could not execute query: ERROR: invalid option "sslcompression" It looks like it is not that much a good idea to define it as a debug option after all. So I guess that the attached would fix the failure, where FDW servers can still pass down the parameter at will for backward-compatibility, and where libpq keeps ignoring its value. Any thoughts? -- Michael
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index fed06bb038..a294d293eb 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -298,7 +298,7 @@ static const internalPQconninfoOption PQconninfoOptions[] = {
* compatibility.
*/
{"sslcompression", NULL, NULL, NULL,
- "SSL-Compression", "D", 1, -1},
+ "SSL-Compression", "", 1, -1},
{"sslcert", "PGSSLCERT", NULL, NULL,
"SSL-Client-Cert", "", 64,
diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out
index c2565dfc70..f17f3b6c29 100644
--- a/contrib/postgres_fdw/expected/postgres_fdw.out
+++ b/contrib/postgres_fdw/expected/postgres_fdw.out
@@ -167,6 +167,7 @@ ALTER SERVER testserver1 OPTIONS (
sslcert 'value',
sslkey 'value',
sslrootcert 'value',
+ sslcompression 'value',
sslcrl 'value',
--requirepeer 'value',
krbsrvname 'value',
@@ -8945,7 +8946,7 @@ DO $d$
END;
$d$;
ERROR: invalid option "password"
-HINT: Valid options in this context are: service, passfile, channel_binding, connect_timeout, dbname, host, hostaddr, port, options, application_name, keepalives, keepalives_idle, keepalives_interval, keepalives_count, tcp_user_timeout, sslmode, sslcert, sslkey, sslrootcert, sslcrl, sslcrldir, requirepeer, ssl_min_protocol_version, ssl_max_protocol_version, gssencmode, krbsrvname, gsslib, target_session_attrs, use_remote_estimate, fdw_startup_cost, fdw_tuple_cost, extensions, updatable, fetch_size, batch_size
+HINT: Valid options in this context are: service, passfile, channel_binding, connect_timeout, dbname, host, hostaddr, port, options, application_name, keepalives, keepalives_idle, keepalives_interval, keepalives_count, tcp_user_timeout, sslmode, sslcompression, sslcert, sslkey, sslrootcert, sslcrl, sslcrldir, requirepeer, ssl_min_protocol_version, ssl_max_protocol_version, gssencmode, krbsrvname, gsslib, target_session_attrs, use_remote_estimate, fdw_startup_cost, fdw_tuple_cost, extensions, updatable, fetch_size, batch_size
CONTEXT: SQL statement "ALTER SERVER loopback_nopw OPTIONS (ADD password 'dummypw')"
PL/pgSQL function inline_code_block line 3 at EXECUTE
-- If we add a password for our user mapping instead, we should get a different
diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql
index a143a70406..be5618f759 100644
--- a/contrib/postgres_fdw/sql/postgres_fdw.sql
+++ b/contrib/postgres_fdw/sql/postgres_fdw.sql
@@ -181,6 +181,7 @@ ALTER SERVER testserver1 OPTIONS (
sslcert 'value',
sslkey 'value',
sslrootcert 'value',
+ sslcompression 'value',
sslcrl 'value',
--requirepeer 'value',
krbsrvname 'value',
signature.asc
Description: PGP signature
