Fix check for conflicting SSL min/max protocol settings

Commit 79dfa8a has introduced a check to catch when the minimum protocol
version was set higher than the maximum version, however an error was
getting generated when both bounds are set even if they are able to
work, causing a backend to not use a new SSL context but keep the old
one.

Author: Daniel Gustafsson
Discussion: https://postgr.es/m/14BFD060-8C9D-43B4-897D-D5D9AA6FC92B@yesql.se

diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index a65f920343c599d9242599114e81f2896ad862a8..42c5c07e580728fa94c7c9e0821e5c600467e118 100644 (file)
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -226,12 +226,14 @@ be_tls_init(bool isServerStart)
         * as the code above would have already generated an error.
         */
        if (ssl_ver_min > ssl_ver_max)
+       {
            ereport(isServerStart ? FATAL : LOG,
                    (errmsg("could not set SSL protocol version range"),
                     errdetail("\"%s\" cannot be higher than \"%s\"",
                               "ssl_min_protocol_version",
                               "ssl_max_protocol_version")));
-       goto error;
+           goto error;
+       }
    }
 
    /* disallow SSL session tickets */