Fix check for conflicting SSL min/max protocol settings

Commit 79dfa8a has introduced a check to catch when the minimum protocol version was set higher than the maximum version, however an error was getting generated when both bounds are set even if they are able to work, causing a backend to not use a new SSL context but keep the old one. Author: Daniel Gustafsson Discussion: https://postgr.es/m/14BFD060-8C9D-43B4-897D-D5D9AA6FC92B@yesql.se
5 years ago · e30b0b5cfa
parent 1816a1c6ff
commit e30b0b5cfa
1 changed files with 3 additions and 1 deletions
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@ -226,12 +226,14 @@ be_tls_init(bool isServerStart)
 		 * as the code above would have already generated an error.
 		 */
 		if (ssl_ver_min > ssl_ver_max)
+		{
 			ereport(isServerStart ? FATAL : LOG,
 					(errmsg("could not set SSL protocol version range"),
 					 errdetail("\"%s\" cannot be higher than \"%s\"",
 							   "ssl_min_protocol_version",
 							   "ssl_max_protocol_version")));
-		goto error;
+			goto error;
+		}
 	}

 	/* disallow SSL session tickets */