From: Michael Paquier Date: Wed, 29 Apr 2020 23:14:02 +0000 (+0900) Subject: Fix check for conflicting SSL min/max protocol settings X-Git-Tag: REL_13_BETA1~153 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e30b0b5cfaeb4f1f739f82c34c5ae2773852a088;p=thirdparty%2Fpostgresql.git Fix check for conflicting SSL min/max protocol settings Commit 79dfa8a has introduced a check to catch when the minimum protocol version was set higher than the maximum version, however an error was getting generated when both bounds are set even if they are able to work, causing a backend to not use a new SSL context but keep the old one. Author: Daniel Gustafsson Discussion: https://postgr.es/m/14BFD060-8C9D-43B4-897D-D5D9AA6FC92B@yesql.se --- diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c index a65f920343c..42c5c07e580 100644 --- a/src/backend/libpq/be-secure-openssl.c +++ b/src/backend/libpq/be-secure-openssl.c @@ -226,12 +226,14 @@ be_tls_init(bool isServerStart) * as the code above would have already generated an error. */ if (ssl_ver_min > ssl_ver_max) + { ereport(isServerStart ? FATAL : LOG, (errmsg("could not set SSL protocol version range"), errdetail("\"%s\" cannot be higher than \"%s\"", "ssl_min_protocol_version", "ssl_max_protocol_version"))); - goto error; + goto error; + } } /* disallow SSL session tickets */
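Review bot: The fix at `if (ssl_ver_min > ssl_ver_max)` in be_tls_init() comes without a regression test, and the failure it repairs is easy to miss in operation. Before this change the unbraced `goto error;` ran whenever both bounds were set. On a reload (`isServerStart` false) nothing was logged, because the ereport was still guarded by the condition, so the backend silently kept the old SSL context and a tightened protocol range would not take effect. Please add a test that sets both ssl_min_protocol_version and ssl_max_protocol_version to a valid range, reloads, and checks that the new context is in use. Add a second case with min above max that expects the "could not set SSL protocol version range" message. It would also help to note in the comment above the check that the `goto error` is only reached on the LOG path, since the FATAL report at server start does not return.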