On Mon Jul 13, 2026 at 2:17 PM UTC, Daniel Gustafsson wrote:
> I've been collecting a few small fixups to the OpenSSL code and figured it was
> time to send them over to keep the number of fixes more manageable.
>
> * 0001: Remove the use of static variable to not interfere with the future
>   multithreading efforts
> * 0002: Replace SSLv23_method with TLS_method, it has been an alias to the new
>   name since 2015 in OpenSSL
> * 0003: Replace deprecated API X509_NAME_get_text_by_NID with the recommended
>   alternative X509_NAME_get_index_by_NID + X509_NAME_get_entry.  The API was
>   deprecated in OpenSSL 4 and risk getting removed, with the alternatives 
> being
>   available in all supported versions.
> * 0004: Fix TLS protocol detection.  We have been using the wrong macro for
>   feature test for a long time, replace with the actual feature test macro.
>   (There is no protocol downgrade here, it will error out when 
> misconfiguring).
>
> None of these change existing functionality or introduce new functionality.

The patches look good. I did have one comment in patch 0001. For the 
hasWarned argument to init_host_context, do we you think we should add 
an Assert(hasWarned) or add a pg_attribute_nonnull(3)? I see we 
dereference the pointer without first checking for its validity. I know 
it isn't common in Postgres source code to add such protections, but 
I figured I would point it out anyway.

-- 
Tristan Partin
PostgreSQL Contributors Team
AWS (https://aws.amazon.com)


Reply via email to