database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-06-13 07:41:39 +03:00
Code Activity

Remove support for SSL compression

Browse Source 
PostgreSQL disabled compression as of e3bdb2d and the documentation
recommends against using it since.  Additionally, SSL compression has
been disabled in OpenSSL since version 1.1.0, and was disabled in many
distributions long before that.  The most recent TLS version, TLSv1.3,
disallows compression at the protocol level.

This commit removes the feature itself, removing support for the libpq
parameter sslcompression (parameter still listed for compatibility
reasons with existing connection strings, just ignored), and removes
the equivalent field in pg_stat_ssl and de facto PgBackendSSLStatus.

Note that, on top of removing the ability to activate compression by
configuration, compression is actively disabled in both frontend and
backend to avoid overrides from local configurations.

A TAP test is added for deprecated SSL parameters to check after
backwards compatibility.

Bump catalog version.

Author: Daniel Gustafsson
Reviewed-by: Peter Eisentraut, Magnus Hagander, Michael Paquier
Discussion:  https://postgr.es/m/7E384D48-11C5-441B-9EC3-F7DB1F8518F6@yesql.se
This commit is contained in:
Michael Paquier
2021-03-09 11:16:47 +09:00
parent d4545dc19b
commit f9264d1524
19 changed files with 60 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
src/backend/utils/adt/pgstatfuncs.c
View File

@ -569,7 +569,7 @@ pg_stat_get_progress_info(PG_FUNCTION_ARGS)
Datum
pg_stat_get_activity(PG_FUNCTION_ARGS)
{
#define PG_STAT_GET_ACTIVITY_COLS 30
#define PG_STAT_GET_ACTIVITY_COLS 29
int num_backends = pgstat_fetch_stat_numbackends();
int curr_backend;
int pid = PG_ARGISNULL(0) ? -1 : PG_GETARG_INT32(0);
@ -708,7 +708,7 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
pfree(clipped_activity);
/* leader_pid */
nulls[29] = true;
nulls[28] = true;
proc = BackendPidGetProc(beentry->st_procpid);
@ -745,8 +745,8 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
*/
if (leader && leader->pid != beentry->st_procpid)
{
values[29] = Int32GetDatum(leader->pid);
nulls[29] = false;
values[28] = Int32GetDatum(leader->pid);
nulls[28] = false;
}
}
@ -875,44 +875,43 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
values[19] = CStringGetTextDatum(beentry->st_sslstatus->ssl_version);
values[20] = CStringGetTextDatum(beentry->st_sslstatus->ssl_cipher);
values[21] = Int32GetDatum(beentry->st_sslstatus->ssl_bits);
values[22] = BoolGetDatum(beentry->st_sslstatus->ssl_compression);
if (beentry->st_sslstatus->ssl_client_dn[0])
values[23] = CStringGetTextDatum(beentry->st_sslstatus->ssl_client_dn);
values[22] = CStringGetTextDatum(beentry->st_sslstatus->ssl_client_dn);
else
nulls[23] = true;
nulls[22] = true;
if (beentry->st_sslstatus->ssl_client_serial[0])
values[24] = DirectFunctionCall3(numeric_in,
values[23] = DirectFunctionCall3(numeric_in,
CStringGetDatum(beentry->st_sslstatus->ssl_client_serial),
ObjectIdGetDatum(InvalidOid),
Int32GetDatum(-1));
else
nulls[24] = true;
nulls[23] = true;
if (beentry->st_sslstatus->ssl_issuer_dn[0])
values[25] = CStringGetTextDatum(beentry->st_sslstatus->ssl_issuer_dn);
values[24] = CStringGetTextDatum(beentry->st_sslstatus->ssl_issuer_dn);
else
nulls[25] = true;
nulls[24] = true;
}
else
{
values[18] = BoolGetDatum(false); /* ssl */
nulls[19] = nulls[20] = nulls[21] = nulls[22] = nulls[23] = nulls[24] = nulls[25] = true;
nulls[19] = nulls[20] = nulls[21] = nulls[22] = nulls[23] = nulls[24] = true;
}
/* GSSAPI information */
if (beentry->st_gss)
{
values[26] = BoolGetDatum(beentry->st_gssstatus->gss_auth); /* gss_auth */
values[27] = CStringGetTextDatum(beentry->st_gssstatus->gss_princ);
values[28] = BoolGetDatum(beentry->st_gssstatus->gss_enc); /* GSS Encryption in use */
values[25] = BoolGetDatum(beentry->st_gssstatus->gss_auth); /* gss_auth */
values[26] = CStringGetTextDatum(beentry->st_gssstatus->gss_princ);
values[27] = BoolGetDatum(beentry->st_gssstatus->gss_enc); /* GSS Encryption in use */
}
else
{
values[26] = BoolGetDatum(false); /* gss_auth */
nulls[27] = true; /* No GSS principal */
values[28] = BoolGetDatum(false); /* GSS Encryption not in
values[25] = BoolGetDatum(false); /* gss_auth */
nulls[26] = true; /* No GSS principal */
values[27] = BoolGetDatum(false); /* GSS Encryption not in
* use */
}
}
@ -942,7 +941,6 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
nulls[26] = true;
nulls[27] = true;
nulls[28] = true;
nulls[29] = true;
}
tuplestore_putvalues(tupstore, tupdesc, values, nulls);