From: Ewan Young <[email protected]>
To: Si, Evan <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: [PATCH] Clarify that ssl_groups is for any key exchange groups
Date: Thu, 4 Jun 2026 11:00:34 +0800
Message-ID: <CAON2xHOaR0_Ga7PwbHgp1yTpXg_bwjj6qeAd2D2Veg6WKvMdSg@mail.gmail.com>
In-Reply-To: <[email protected]>
References: <[email protected]>
On Thu, Jun 4, 2026 at 1:29 AM Si, Evan <[email protected]> wrote:
>
> On 6/2/26, 11:32 PM, "Ewan Young" <[email protected] <mailto:[email protected]>> wrote:
> >
> > +1 for the idea. (I'm fairly new here, so please take my comments with
> > a grain of salt.)
>
> Thanks for the review!
>
> > 1. The comment just above the renamed call in be_tls_init() still
> > says "set up ephemeral DH and ECDH keys". Maybe it should be
> > updated to match?
>
> Right, that makes sense. I did a larger grep and updated comments where I found stale references to curves and (EC)DH.

Thanks! I re-did the grep on v2 and found no remaining stale references.

>
> > 2. The SSLECDHCurve variable (and its "GUC variable for default ECDH
> > curve" comment in be-secure.c) still uses the old naming. I wasn't
> > sure if that was left out intentionally to keep the patch small --
> > if not, would it make sense to rename it too, for consistency with
> > the initialize_groups() rename?
>
> This also seems reasonable. I didn't find usage of this extern outside of Postgres itself in the wild from a brief search.
>
> Attached a revision.
>
> Evan
>
I tested v2 on top of current master:

- applies cleanly, builds without warnings (--with-openssl)
- src/test/ssl TAP suite passes

v2 looks good to me, and I have nothing further.

Best regards,
Ewan Young