On 28.03.22 22:21, Jacob Champion wrote:
On Mon, 2022-03-28 at 11:17 +0200, Daniel Gustafsson wrote:
Fixing up the switch_server_cert() calls and using default_ssl_connstr makes
the test pass for me. The required fixes are in the supplied 0004 diff, I kept
them separate to allow the original author to incorporate them without having
to dig them out to see what changed (named to match the git format-patch output
since I think the CFBot just applies the patches in alphabetical order).
Thanks! Those changes look good to me; I've folded them into v11. This
is rebased on a newer HEAD so it should fix the apply failures that
Greg pointed out.
I'm not happy about how inet_net_pton.o is repurposed here. That code
is clearly meant to support backend data types with specifically. Code like
+ /*
+ * pg_inet_net_pton() will accept CIDR masks, which we don't want to
+ * match, so skip the comparison if the host string contains a slash.
+ */
indicates that we are fighting against the API. Also, if someone ever
wants to change how those backend data types work, we then have to check
a bunch of other code as well.
I think we should be using inet_ntop()/inet_pton() directly here. We
can throw substitute implementations into libpgport if necessary, that's
not so difficult.
