On Tue, Jun 23, 2026 at 12:17 PM Japin Li <[email protected]> wrote: > >> -- > >> Fujii Masao > >> <v1-0001-Warn-on-password-auth-with-MD5-encrypted-password.patch> > > > > Given that the original warning emission was in md5_crypt_verify(), I > > think it might be a bit better to keep the two private helpers in > > crypt.c and add the warning emission in plain_crypt_verify(), because > > that function has already determined the password type and > > authentication result. > > > +1 > > Placing it in plain_crypt_verify() leverages the already-determined type and > result, while keeping the helpers internal to crypt.c is cleaner.
plain_crypt_verify() looks like a generic helper to me. It's used not only for connection authentication, but also by CREATE/ALTER ROLE and passwordcheck. So I'm not sure it's clearer to add a connection-authentication-specific side effect there. Also, plain_crypt_verify() can be called after EmitConnectionWarnings(), for example, by CREATE/ALTER ROLE. So if plain_crypt_verify() were updated to simply call StoreConnectionWarning() for MD5 password warnings, it could end up calling StoreConnectionWarning() after EmitConnectionWarnings(), resulting in the unexpected error "StoreConnectionWarning() called after EmitConnectionWarnings()". Regards, -- Fujii Masao
