Fix check for conflicting SSL min/max protocol settings

Commit 79dfa8af has introduced a check to catch when the minimum protocol version was set higher than the maximum version, however an error was getting generated when both bounds are set even if they are able to work, causing a backend to not use a new SSL context but keep the old one. Author: Daniel Gustafsson Discussion: https://postgr.es/m/14BFD060-8C9D-43B4-897D-D5D9AA6FC92B@yesql.se

Fix check for conflicting SSL min/max protocol settings
Commit 79dfa8af has introduced a check to catch when the minimum protocol version was set higher than the maximum version, however an error was getting generated when both bounds are set even if they are able to work, causing a backend to not use a new SSL context but keep the old one. Author: Daniel Gustafsson Discussion: https://postgr.es/m/14BFD060-8C9D-43B4-897D-D5D9AA6FC92B@yesql.se
e30b0b5c · Michael Paquier · 1816a1c6 · e30b0b5c
Commit e30b0b5c authored Apr 30, 2020 by Michael Paquier
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

src/backend/libpq/be-secure-openssl.c src/backend/libpq/be-secure-openssl.c +3 -1

No files found.
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -226,12 +226,14 @@ be_tls_init(bool isServerStart)
 		 * as the code above would have already generated an error.
 		 */
 		if (ssl_ver_min > ssl_ver_max)
+		{
 			ereport(isServerStart ? FATAL : LOG,
 					(errmsg("could not set SSL protocol version range"),
 					 errdetail("\"%s\" cannot be higher than \"%s\"",
 							   "ssl_min_protocol_version",
 							   "ssl_max_protocol_version")));
-		goto error;
+			goto error;
+		}
 	}

 	/* disallow SSL session tickets */