On 6/2/26, 11:32 PM, "Ewan Young" <[email protected]> wrote:
>
> +1 for the idea. (I'm fairly new here, so please take my comments with
> a grain of salt.)

Thanks for the review!

> 1. The comment just above the renamed call in be_tls_init() still
>    says "set up ephemeral DH and ECDH keys". Maybe it should be
>    updated to match?

Right, that makes sense. I did a larger grep and updated comments where I found stale references to curves and (EC)DH.

> 2. The SSLECDHCurve variable (and its "GUC variable for default ECDH
>    curve" comment in be-secure.c) still uses the old naming. I wasn't
>    sure if that was left out intentionally to keep the patch small --
>    if not, would it make sense to rename it too, for consistency with
>    the initialize_groups() rename?

This also seems reasonable. I didn't find usage of this extern outside of Postgres itself in the wild from a brief search.

Attached a revision.

Evan
v2-0001-Clarify-that-ssl_groups-is-for-any-key-exchange-g.patch
