On 3/2/22 08:40, Tom Lane wrote:
Chris Bandy writes:
On 3/1/22 3:15 AM, Tom Lane wrote:
Anyway, I'd be happier about back-patching if we could document
actual requests to make it work like the server side does.
PGO runs PostgreSQL 10 through 14 in Kubernetes, and we have to work
around
Chris Bandy writes:
> On 3/1/22 3:15 AM, Tom Lane wrote:
>> Anyway, I'd be happier about back-patching if we could document
>> actual requests to make it work like the server side does.
> PGO runs PostgreSQL 10 through 14 in Kubernetes, and we have to work
> around this issue when using
On 3/1/22 3:15 AM, Tom Lane wrote:
> Stephen Frost writes:
>> * Tom Lane (t...@sss.pgh.pa.us) wrote:
>>> I'd be more eager to do that if we had some field complaints
>>> about it. Since we don't, my inclination is not to, but I'm
>>> only -0.1 or so; anybody else want to vote?
>
>> This patch
Stephen Frost writes:
> * Tom Lane (t...@sss.pgh.pa.us) wrote:
>> I'd be more eager to do that if we had some field complaints
>> about it. Since we don't, my inclination is not to, but I'm
>> only -0.1 or so; anybody else want to vote?
> This patch was specifically developed in response to
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> David Steele writes:
> > Any thoughts on back-patching at least the client portion of this?
> > Probably hard to argue that it's a bug, but it is certainly painful.
>
> I'd be more eager to do that if we had some field complaints
> about it.
David Steele writes:
> Any thoughts on back-patching at least the client portion of this?
> Probably hard to argue that it's a bug, but it is certainly painful.
I'd be more eager to do that if we had some field complaints
about it. Since we don't, my inclination is not to, but I'm
only -0.1 or
On 2/28/22 13:20, Tom Lane wrote:
David Steele writes:
[ client-key-perm-003.patch ]
Pushed with a bit of copy-editing of the comments.
Thank you!
Any thoughts on back-patching at least the client portion of this?
Probably hard to argue that it's a bug, but it is certainly painful.
David Steele writes:
> [ client-key-perm-003.patch ]
Pushed with a bit of copy-editing of the comments.
> So, to test the new functionality, just add this snippet on line 57 of
> 001_ssltests.pl:
> chmod 0640, "$cert_tempdir/client.key"
> or die "failed to change permissions on
Hi Tom,
On 1/18/22 14:41, Tom Lane wrote:
David Steele writes:
[ client-key-perm-002.patch ]
I took a quick look at this and agree with the proposed behavior
change, but also with your self-criticisms:
We may want to do the same on the server side to make the code blocks
look more
David Steele writes:
> On 1/18/22 15:41, Tom Lane wrote:
>> The only other nitpick I have is that I'd make the cross-references be
>> to the two file names, ie like "Note that similar checks are performed
>> in fe-secure-openssl.c ..." References to the specific functions seem
>> likely to
On 1/18/22 15:41, Tom Lane wrote:
David Steele writes:
I took a quick look at this and agree with the proposed behavior
change, but also with your self-criticisms:
We may want to do the same on the server side to make the code blocks
look more similar.
Also, on the server side the S_ISREG()
David Steele writes:
> [ client-key-perm-002.patch ]
I took a quick look at this and agree with the proposed behavior
change, but also with your self-criticisms:
> We may want to do the same on the server side to make the code blocks
> look more similar.
>
> Also, on the server side the
On 11/8/21 2:04 PM, Stephen Frost wrote:
* David Steele (da...@pgmasters.net) wrote:
I looked at trying to make this code common between the server and client
but due to the differences in error reporting it seemed like more trouble
than it was worth.
Maybe we should at least have the
Greetings,
* David Steele (da...@pgmasters.net) wrote:
> I noticed recently that permissions checking is done differently for the
> server certificate key than the client key. Specifically, on the server the
> key can have 640 perms if it is owned by root.
Yeah, that strikes me as odd too,
On 10/22/21 11:41 AM, David Steele wrote:
I noticed recently that permissions checking is done differently for the
server certificate key than the client key. Specifically, on the server
the key can have 640 perms if it is owned by root.
On the server side this change was made in 9a83564c
Hackers,
I noticed recently that permissions checking is done differently for the
server certificate key than the client key. Specifically, on the server
the key can have 640 perms if it is owned by root.
On the server side this change was made in 9a83564c and I think the same
rational
16 matches
Mail list logo