On 08/04/2024 04:50, Andres Freund wrote:
On 2024-04-08 01:25:40 +0000, Heikki Linnakangas wrote:
Send ALPN in TLS handshake, require it in direct SSL connections
libpq now always tries to send ALPN. With the traditional negotiated
SSL connections, the server accepts the ALPN, and refuses the
connection if it's not what we expect, but connecting without ALPN is
still OK. With the new direct SSL connections, ALPN is mandatory.
NOTE: This uses "TBD-pgsql" as the protocol ID. We must register a
proper one with IANA before the release!
Author: Greg Stark, Heikki Linnakangas
Reviewed-by: Matthias van de Meent, Jacob Champion
My compiler complains:
[396/992 42 39%] Compiling C object src/backend/postgres_lib.a.p/libpq_be-secure-openssl.c.o
../../../../../home/andres/src/postgresql/src/backend/libpq/be-secure-openssl.c: In function 'alpn_cb':
../../../../../home/andres/src/postgresql/src/backend/libpq/be-secure-openssl.c:1327:69: warning: ordered comparison of pointer with integer zero [-Wextra]
 1327 | if (*out == NULL || *outlen > sizeof(alpn_protos) || outlen <= 0)
      |                                                             ^~
[991/992 1 99%] Linking target src/bin/pg_dump/pg_dump
And I think it may show why the warning is a good idea - I assume
"*outlen <= 0" was intended?
Yes. Fixed, thanks!
--
Heikki Linnakangas
Neon (https://neon.tech)
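
An added example, not part of this thread and not PostgreSQL's code: a self-contained sketch of the ALPN policy the commit message describes, parsing the TLS wire-format protocol list (one length byte per entry) and checking the selected length by value rather than by pointer. The names alpn_find, alpn_check and the enum are hypothetical, and refusing a malformed list is an assumption.

```c
#include <stddef.h>
#include <string.h>

/* Placeholder protocol ID taken from the commit message. */
static const unsigned char expected_proto[] = "TBD-pgsql";
#define EXPECTED_LEN (sizeof(expected_proto) - 1)

enum alpn_result { ALPN_OK, ALPN_ABSENT_OK, ALPN_REFUSE };

/* Returns 1 and sets *out / *outlen on a match, 0 if absent, -1 if malformed. */
static int alpn_find(const unsigned char *in, size_t inlen,
                     const unsigned char **out, unsigned char *outlen)
{
    size_t pos = 0;
    while (pos < inlen) {
        unsigned char len = in[pos++];
        if (len == 0 || (size_t) len > inlen - pos)
            return -1;              /* empty or truncated entry */
        if (len == EXPECTED_LEN && memcmp(in + pos, expected_proto, len) == 0) {
            *out = in + pos;
            *outlen = len;
            return 1;
        }
        pos += len;
    }
    return 0;
}

/* direct != 0 marks a direct SSL connection, where ALPN is mandatory. */
static enum alpn_result alpn_check(const unsigned char *in, size_t inlen, int direct)
{
    const unsigned char *out = NULL;
    unsigned char outlen = 0;
    if (in == NULL || inlen == 0)   /* client sent no ALPN extension */
        return direct ? ALPN_REFUSE : ALPN_ABSENT_OK;
    if (alpn_find(in, inlen, &out, &outlen) != 1)
        return ALPN_REFUSE;         /* ALPN sent, but not the expected ID */
    /* Test the length value itself, not the address that holds it. */
    if (out == NULL || outlen == 0 || outlen > EXPECTED_LEN)
        return ALPN_REFUSE;
    return ALPN_OK;
}

int main(void)
{
    static const unsigned char offer[] = "\x02h2\x09TBD-pgsql"; /* constructed input */
    return alpn_check(offer, sizeof(offer) - 1, 1) == ALPN_OK ? 0 : 1;
}
```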