From: Michael Paquier <michael@paquier.xyz>
Date: Wed, 29 Apr 2020 23:14:02 +0000 (+0900)
Subject: Fix check for conflicting SSL min/max protocol settings
X-Git-Tag: REL_13_BETA1~153
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e30b0b5cfaeb4f1f739f82c34c5ae2773852a088;p=thirdparty%2Fpostgresql.git

Fix check for conflicting SSL min/max protocol settings

Commit 79dfa8a has introduced a check to catch when the minimum protocol
version was set higher than the maximum version, however an error was
getting generated when both bounds are set even if they are able to
work, causing a backend to not use a new SSL context but keep the old
one.

Author: Daniel Gustafsson
Discussion: https://postgr.es/m/14BFD060-8C9D-43B4-897D-D5D9AA6FC92B@yesql.se
---

diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index a65f920343c..42c5c07e580 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -226,12 +226,14 @@ be_tls_init(bool isServerStart)
 		 * as the code above would have already generated an error.
 		 */
 		if (ssl_ver_min > ssl_ver_max)
+		{
 			ereport(isServerStart ? FATAL : LOG,
 					(errmsg("could not set SSL protocol version range"),
 					 errdetail("\"%s\" cannot be higher than \"%s\"",
 							   "ssl_min_protocol_version",
 							   "ssl_max_protocol_version")));
-		goto error;
+			goto error;
+		}
 	}
 
 	/* disallow SSL session tickets */