-rw-r--r-- | src/backend/utils/misc/guc.c | 51 | ||||
-rw-r--r-- | src/test/ssl/t/001_ssltests.pl | 20 |
2 files changed, 3 insertions, 68 deletions
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index 9630866a5f9..8228e1f3903 100644
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -205,10 +205,6 @@ static const char *show_log_file_mode(void);
 static const char *show_data_directory_mode(void);
 static bool check_backtrace_functions(char **newval, void **extra, GucSource source);
 static void assign_backtrace_functions(const char *newval, void *extra);
-static bool check_ssl_min_protocol_version(int *newval, void **extra,
- GucSource source);
-static bool check_ssl_max_protocol_version(int *newval, void **extra,
- GucSource source);
 static bool check_recovery_target_timeline(char **newval, void **extra, GucSource source);
 static void assign_recovery_target_timeline(const char *newval, void *extra);
 static bool check_recovery_target(char **newval, void **extra, GucSource source);
@@ -4657,7 +4653,7 @@ static struct config_enum ConfigureNamesEnum[] =
 &ssl_min_protocol_version,
 PG_TLS1_2_VERSION,
 ssl_protocol_versions_info + 1, /* don't allow PG_TLS_ANY */
- check_ssl_min_protocol_version, NULL, NULL
+ NULL, NULL, NULL
 },
 {
@@ -4669,7 +4665,7 @@ static struct config_enum ConfigureNamesEnum[] =
 &ssl_max_protocol_version,
 PG_TLS_ANY,
 ssl_protocol_versions_info,
- check_ssl_max_protocol_version, NULL, NULL
+ NULL, NULL, NULL
 },
 /* End-of-list marker */
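Review bot: Once the check hook in the `ssl_min_protocol_version` entry becomes `NULL, NULL, NULL` (and likewise in the `ssl_max_protocol_version` entry in the following hunk), nothing visible in this diff rejects a configuration whose minimum TLS version is above the maximum, and the restart test that covered that case is removed in the same commit. If the ordering is validated somewhere else, for example where the server's TLS context is set up, the entries should say so, e.g. `/* min <= max is validated when the SSL context is initialized, not by a GUC check hook */`. If it is not validated anywhere, an inverted range would presumably surface only as failed handshakes or TLS-library-dependent behaviour, so a check with an explicit error at that initialization point is worth adding before the hooks go away. Both entries start outside their hunks, so their remaining fields cannot be reviewed from here.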
@@ -11643,49 +11639,6 @@ assign_backtrace_functions(const char *newval, void *extra)
 }
 static bool
-check_ssl_min_protocol_version(int *newval, void **extra, GucSource source)
-{
- int new_ssl_min_protocol_version = *newval;
-
- /* PG_TLS_ANY is not supported for the minimum bound */
- Assert(new_ssl_min_protocol_version > PG_TLS_ANY);
-
- if (ssl_max_protocol_version &&
- new_ssl_min_protocol_version > ssl_max_protocol_version)
- {
- GUC_check_errhint("\"%s\" cannot be higher than \"%s\".",
- "ssl_min_protocol_version",
- "ssl_max_protocol_version");
- GUC_check_errcode(ERRCODE_INVALID_PARAMETER_VALUE);
- return false;
- }
-
- return true;
-}
-
-static bool
-check_ssl_max_protocol_version(int *newval, void **extra, GucSource source)
-{
- int new_ssl_max_protocol_version = *newval;
-
- /* if PG_TLS_ANY, there is no need to check the bounds */
- if (new_ssl_max_protocol_version == PG_TLS_ANY)
- return true;
-
- if (ssl_min_protocol_version &&
- ssl_min_protocol_version > new_ssl_max_protocol_version)
- {
- GUC_check_errhint("\"%s\" cannot be lower than \"%s\".",
- "ssl_max_protocol_version",
- "ssl_min_protocol_version");
- GUC_check_errcode(ERRCODE_INVALID_PARAMETER_VALUE);
- return false;
- }
-
- return true;
-}
-
-static bool
 check_recovery_target_timeline(char **newval, void **extra, GucSource source)
 {
 RecoveryTargetTimeLineGoal rttg;
diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl
index 6b57b16fab5..e740099aca8 100644
--- a/src/test/ssl/t/001_ssltests.pl
+++ b/src/test/ssl/t/001_ssltests.pl
@@ -13,7 +13,7 @@ use SSLServer;
 if ($ENV{with_openssl} eq 'yes')
 {
- plan tests => 93;
+ plan tests => 91;
 }
 else
 {
@@ -97,24 +97,6 @@ command_ok(
 'restart succeeds with password-protected key file');
 $node->_update_pid(1);
-# Test compatibility of SSL protocols.
-# TLSv1.1 is lower than TLSv1.2, so it won't work.
-$node->append_conf(
- 'postgresql.conf',
- qq{ssl_min_protocol_version='TLSv1.2'
-ssl_max_protocol_version='TLSv1.1'});
-command_fails(
- [ 'pg_ctl', '-D', $node->data_dir, '-l', $node->logfile, 'restart' ],
- 'restart fails with incorrect SSL protocol bounds');
-# Go back to the defaults, this works.
-$node->append_conf(
- 'postgresql.conf',
- qq{ssl_min_protocol_version='TLSv1.2'
-ssl_max_protocol_version=''});
-command_ok(
- [ 'pg_ctl', '-D', $node->data_dir, '-l', $node->logfile, 'restart' ],
- 'restart succeeds with correct SSL protocol bounds');
-
 ### Run client-side tests.
 ###
 ### Test that libpq accepts/rejects the connection correctly, depending |