Re: tls 1.3: sending multiple tickets

2024-07-29 Thread Andres Freund
On 2024-07-26 13:55:29 +0200, Daniel Gustafsson wrote:
> Thanks for review, I've applied this backpatched all the way.
Thanks for working on this!

Re: tls 1.3: sending multiple tickets

2024-07-29 Thread Robert Haas
On Mon, Jul 29, 2024 at 5:57 AM Daniel Gustafsson wrote:
> I'm sure there are more interactions with OpenSSL, and TLS in general, which
> warrants better comments but the attached takes a stab at the two examples in
> question here to get started (to avoid perfect get in the way of progress).
+1.

Re: tls 1.3: sending multiple tickets

2024-07-29 Thread Daniel Gustafsson
> On 26 Jul 2024, at 20:29, Robert Haas wrote:
> One of my chronic complaints about comments is
> that they should say why we're doing things, not what we're doing.
Agreed.
> I feel like any
> place where we are doing X because of some property of a non-PG code
> base with which a particular re

Re: tls 1.3: sending multiple tickets

2024-07-26 Thread Robert Haas
On Fri, Jul 26, 2024 at 10:23 AM Daniel Gustafsson wrote:
> We turn off TLS session tickets for two reasons: a) we don't support TLS
> session resumption, and some resumption capable client libraries can experience
> connection failures if they try to use tickets received in the setup (Npgsql

Re: tls 1.3: sending multiple tickets

2024-07-26 Thread Daniel Gustafsson
> On 26 Jul 2024, at 16:08, Robert Haas wrote:
>
> On Fri, Jul 26, 2024 at 8:27 AM Daniel Gustafsson wrote:
>> Thanks for the report, I'll fix it. Buildfarm animal hamerkop also reminded me
>> that I had managed to stash the old MSVC buildsystem changes (ENOTENOUGHCOFFEE)
>> so fixing t

Re: tls 1.3: sending multiple tickets

2024-07-26 Thread Robert Haas
On Fri, Jul 26, 2024 at 8:27 AM Daniel Gustafsson wrote:
> Thanks for the report, I'll fix it. Buildfarm animal hamerkop also reminded me
> that I had managed to stash the old MSVC buildsystem changes (ENOTENOUGHCOFFEE)
> so fixing that at the same time.
I was just looking at this commit a

Re: tls 1.3: sending multiple tickets

2024-07-26 Thread Marina Polyakova
On 2024-07-26 15:27, Daniel Gustafsson wrote:
> On 26 Jul 2024, at 14:03, Marina Polyakova wrote:
>> It looks like the recommended way of using autoheader [1] is now broken. The
>> attached patch fixes the master branch for me.
> Thanks for the report, I'll fix it. Buildfarm animal hamerkop also remi

Re: tls 1.3: sending multiple tickets

2024-07-26 Thread Daniel Gustafsson
> On 26 Jul 2024, at 14:03, Marina Polyakova wrote:
> On 2024-07-26 14:55, Daniel Gustafsson wrote:
>> Thanks for review, I've applied this backpatched all the way.
>
> It looks like the recommended way of using autoheader [1] is now broken. The
> attached patch fixes the master branch for me.

Re: tls 1.3: sending multiple tickets

2024-07-26 Thread Marina Polyakova
Hello!
On 2024-07-26 14:55, Daniel Gustafsson wrote:
> Thanks for review, I've applied this backpatched all the way.
It looks like the recommended way of using autoheader [1] is now broken. The attached patch fixes the master branch for me.
[1] https://www.postgresql.org/message-id/30511.154

Re: tls 1.3: sending multiple tickets

2024-07-26 Thread Daniel Gustafsson
> On 24 Jul 2024, at 07:44, Heikki Linnakangas wrote:
>
> On 18/06/2024 16:11, Daniel Gustafsson wrote:
>>> On 17 Jun 2024, at 19:38, Andres Freund wrote:
>>> Seems we ought to use SSL_CTX_set_num_tickets() to prevent issuing the useless
>>> tickets?
>> Agreed, in 1.1.1 and above as the API

Re: tls 1.3: sending multiple tickets

2024-07-23 Thread Heikki Linnakangas
On 18/06/2024 16:11, Daniel Gustafsson wrote:
> On 17 Jun 2024, at 19:38, Andres Freund wrote:
>> Seems we ought to use SSL_CTX_set_num_tickets() to prevent issuing the useless tickets?
> Agreed, in 1.1.1 and above as the API was only introduced then. LibreSSL added the API in 3.5.4 but only for com

Re: tls 1.3: sending multiple tickets

2024-06-18 Thread Daniel Gustafsson
> On 17 Jun 2024, at 19:38, Andres Freund wrote:
> Note the second to last paragraph: Because we use SSL_OP_NO_TICKET we trigger
> use of stateful tickets. Which afaict are never going to be useful, because we
> don't share the necessary state.
Nice catch, I learned something new today. I was u

tls 1.3: sending multiple tickets

2024-06-17 Thread Andres Freund
Hi,
To investigate an unrelated issue, I set up key logging in the backend (we probably should build that in) and looked at the decrypted data.
And noticed that just after TLS setup finished the server sends three packets in a row:
C->S: TLSv1.3: finished
C->S: TLSv1.3: application data (startup
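The point the thread converges on (Andres' observation above, and Daniel's reply that SSL_OP_NO_TICKET only switches TLS 1.3 to stateful tickets, with the fix being SSL_CTX_set_num_tickets()) can be demonstrated without a PostgreSQL build: Python's ssl module wraps the same two OpenSSL knobs, ssl.OP_NO_TICKET for SSL_OP_NO_TICKET and SSLContext.num_tickets for SSL_CTX_set_num_tickets() (OpenSSL 1.1.1+, Python 3.8+). The following is an added example written for this page, not PostgreSQL's or OpenSSL's own code; the function names legacy_no_ticket_only and disable_resumption are my own. It sets up two server contexts and reads back how many TLS 1.3 NewSessionTicket messages OpenSSL will still emit after the handshake under each configuration.

```python
"""Added example: SSL_OP_NO_TICKET alone vs. SSL_CTX_set_num_tickets(ctx, 0)
for a TLS 1.3 server context. Function names are this example's own."""
import ssl


def make_server_context() -> ssl.SSLContext:
    """num_tickets is only meaningful (and only settable) on server contexts."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)


def legacy_no_ticket_only(ctx: ssl.SSLContext) -> int:
    """The pre-fix configuration: only SSL_OP_NO_TICKET is set.

    For TLS 1.2 this suppresses stateless session tickets. For TLS 1.3 OpenSSL
    still sends its default number of NewSessionTicket messages (two); the flag
    merely turns them into 'stateful' tickets that reference the server-side
    session cache. A forked-per-connection server never shares that cache, so
    the tickets cost bandwidth and cannot resume anything. Returns how many
    TLS 1.3 tickets the server will still send.
    """
    ctx.options |= ssl.OP_NO_TICKET
    return ctx.num_tickets  # wraps SSL_CTX_get_num_tickets(); default is 2


def disable_resumption(ctx: ssl.SSLContext) -> int:
    """The fixed configuration: keep SSL_OP_NO_TICKET for TLS 1.2 and set the
    TLS 1.3 ticket count to zero so no NewSessionTicket is sent at all.
    Returns the resulting TLS 1.3 ticket count (0)."""
    ctx.options |= ssl.OP_NO_TICKET
    if not hasattr(ctx, "num_tickets"):
        # SSL_CTX_set_num_tickets() only exists from OpenSSL 1.1.1, which is
        # also the first release that speaks TLS 1.3, so on older libraries
        # SSL_OP_NO_TICKET alone is already sufficient.
        return 0
    ctx.num_tickets = 0  # wraps SSL_CTX_set_num_tickets(ctx, 0)
    return ctx.num_tickets


def ticket_counts() -> dict:
    """Compare both configurations on fresh server contexts."""
    return {
        "op_no_ticket_only": legacy_no_ticket_only(make_server_context()),
        "num_tickets_zero": disable_resumption(make_server_context()),
    }


if __name__ == "__main__":
    for name, count in ticket_counts().items():
        print(f"{name}: TLS 1.3 NewSessionTicket messages after handshake = {count}")
```

To confirm the behaviour on the wire rather than via the getter, set ctx.keylog_filename (the Python equivalent of the key logging Andres set up in the backend), point Wireshark at that file, and count the NewSessionTicket records that follow the server Finished; with num_tickets set to 0 there are none.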