On 03.07.24 17:20, Daniel Gustafsson wrote:
After fiddling a bit with the code and documentation I came up with the attached version which also makes the testsuite use the list syntax in order to test it. It's essentially just polish and adding comments with the functional changes that a) it parses the entire list of curves so all errors can be reported instead of giving up at the first error; b) leaving the cipher suite GUC blank will set the suites to the OpenSSL default vale.
It would be worth checking the discussion at <https://www.postgresql.org/message-id/flat/79692bf9-17d3-41e6-b9c9-fc8c39442...@eisentraut.org> about strtok()/strtok_r() issues. First, for list parsing, it sometimes gives the wrong semantics, which I think might apply here. Maybe it's worth comparing this with the semantics that OpenSSL provides natively. And second, strtok_r() is not available on Windows without the workaround provided in that thread.
I'm doubtful that it's worth replicating all this list parsing logic instead of just letting OpenSSL do it. This is a very marginal feature after all.
