diff options
| author | Michael Paquier <michael@paquier.xyz> | 2021-03-09 11:16:47 +0900 |
|---|---|---|
| committer | Michael Paquier <michael@paquier.xyz> | 2021-03-09 11:16:47 +0900 |
| commit | f9264d1524baa19e4a0528f033681ef16f61b137 (patch) | |
| tree | 846eccd93ae1cc4e88f72d8ceea447c1f71facc7 /contrib/postgres_fdw | |
| parent | d4545dc19b8ea670bf62e06d22b0e4e6fcb45153 (diff) | |
| download | postgresql-f9264d1524baa19e4a0528f033681ef16f61b137.tar.gz postgresql-f9264d1524baa19e4a0528f033681ef16f61b137.zip | |
Remove support for SSL compression
PostgreSQL disabled compression as of e3bdb2d and the documentation
recommends against using it since. Additionally, SSL compression has
been disabled in OpenSSL since version 1.1.0, and was disabled in many
distributions long before that. The most recent TLS version, TLSv1.3,
disallows compression at the protocol level.
This commit removes the feature itself, removing support for the libpq
parameter sslcompression (parameter still listed for compatibility
reasons with existing connection strings, just ignored), and removes
the equivalent field in pg_stat_ssl and de facto PgBackendSSLStatus.
Note that, on top of removing the ability to activate compression by
configuration, compression is actively disabled in both frontend and
backend to avoid overrides from local configurations.
A TAP test is added for deprecated SSL parameters to check after
backwards compatibility.
Bump catalog version.
Author: Daniel Gustafsson
Reviewed-by: Peter Eisentraut, Magnus Hagander, Michael Paquier
Discussion: https://postgr.es/m/7E384D48-11C5-441B-9EC3-F7DB1F8518F6@yesql.se
Diffstat (limited to 'contrib/postgres_fdw')
| -rw-r--r-- | contrib/postgres_fdw/expected/postgres_fdw.out | 3 | ||||
| -rw-r--r-- | contrib/postgres_fdw/sql/postgres_fdw.sql | 1 |
2 files changed, 1 insertions, 3 deletions
diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out index 0649b6b81cd..c2565dfc709 100644 --- a/contrib/postgres_fdw/expected/postgres_fdw.out +++ b/contrib/postgres_fdw/expected/postgres_fdw.out @@ -163,7 +163,6 @@ ALTER SERVER testserver1 OPTIONS ( keepalives_interval 'value', tcp_user_timeout 'value', -- requiressl 'value', - sslcompression 'value', sslmode 'value', sslcert 'value', sslkey 'value', @@ -8946,7 +8945,7 @@ DO $d$ END; $d$; ERROR: invalid option "password" -HINT: Valid options in this context are: service, passfile, channel_binding, connect_timeout, dbname, host, hostaddr, port, options, application_name, keepalives, keepalives_idle, keepalives_interval, keepalives_count, tcp_user_timeout, sslmode, sslcompression, sslcert, sslkey, sslrootcert, sslcrl, sslcrldir, requirepeer, ssl_min_protocol_version, ssl_max_protocol_version, gssencmode, krbsrvname, gsslib, target_session_attrs, use_remote_estimate, fdw_startup_cost, fdw_tuple_cost, extensions, updatable, fetch_size, batch_size +HINT: Valid options in this context are: service, passfile, channel_binding, connect_timeout, dbname, host, hostaddr, port, options, application_name, keepalives, keepalives_idle, keepalives_interval, keepalives_count, tcp_user_timeout, sslmode, sslcert, sslkey, sslrootcert, sslcrl, sslcrldir, requirepeer, ssl_min_protocol_version, ssl_max_protocol_version, gssencmode, krbsrvname, gsslib, target_session_attrs, use_remote_estimate, fdw_startup_cost, fdw_tuple_cost, extensions, updatable, fetch_size, batch_size CONTEXT: SQL statement "ALTER SERVER loopback_nopw OPTIONS (ADD password 'dummypw')" PL/pgSQL function inline_code_block line 3 at EXECUTE -- If we add a password for our user mapping instead, we should get a different diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql index 2b525ea44a8..a143a704064 100644 --- a/contrib/postgres_fdw/sql/postgres_fdw.sql +++ b/contrib/postgres_fdw/sql/postgres_fdw.sql @@ -177,7 +177,6 @@ ALTER SERVER testserver1 OPTIONS ( keepalives_interval 'value', tcp_user_timeout 'value', -- requiressl 'value', - sslcompression 'value', sslmode 'value', sslcert 'value', sslkey 'value', |