From 3e401a75dc81978a73302b193da9256a9cc9b876 Mon Sep 17 00:00:00 2001
From: Mehmet Yilmaz <mehmetyilmaz@microsoft.com>
Date: Fri, 16 May 2025 13:14:19 +0000
Subject: [PATCH] Refactor OpenSSL initialization and certificate date
 adjustment for improved clarity and consistency

---
 .../distributed/metadata/node_metadata.c      |  4 +--
 src/backend/distributed/utils/enable_ssl.c    | 36 ++++++++++---------
 2 files changed, 22 insertions(+), 18 deletions(-)

diff --git a/src/backend/distributed/metadata/node_metadata.c b/src/backend/distributed/metadata/node_metadata.c
index b59675baa..6c7a98587 100644
--- a/src/backend/distributed/metadata/node_metadata.c
+++ b/src/backend/distributed/metadata/node_metadata.c
@@ -2970,11 +2970,11 @@ DeleteNodeRow(char *nodeName, int32 nodePort)
 	/* PG 18+ adds a bool “deferrable_ok” parameter */
 	Relation replicaIndex =
 		index_open(RelationGetPrimaryKeyIndex(pgDistNode, false),
-				   RowExclusiveLock);
+				   AccessShareLock);
 #else
 	Relation replicaIndex =
 		index_open(RelationGetPrimaryKeyIndex(pgDistNode),
-				   RowExclusiveLock);
+				   AccessShareLock);
 #endif
 
 
diff --git a/src/backend/distributed/utils/enable_ssl.c b/src/backend/distributed/utils/enable_ssl.c
index f111b9cb9..5151db26d 100644
--- a/src/backend/distributed/utils/enable_ssl.c
+++ b/src/backend/distributed/utils/enable_ssl.c
@@ -239,18 +239,20 @@ CreateCertificatesWhenNeeded()
 	SSL_CTX *sslContext = NULL;
 
 	/*
-	* Ensure the OpenSSL library is initialized so we can create our SSL context.
-	* On OpenSSL ≥ 1.1.0 we call OPENSSL_init_ssl() (which also loads the default
-	* config), and on older versions we fall back to SSL_library_init().
-	* PostgreSQL itself will perform its full SSL setup when it reloads
-	* its configuration with ssl enabled.
-	*/
+	 * Ensure the OpenSSL library is initialized so we can create our SSL context.
+	 * On OpenSSL ≥ 1.1.0 we call OPENSSL_init_ssl() (which also loads the default
+	 * config), and on older versions we fall back to SSL_library_init().
+	 * PostgreSQL itself will perform its full SSL setup when it reloads
+	 * its configuration with ssl enabled.
+	 */
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
-    /* OpenSSL 1.1.0+ */
-    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
+	/* OpenSSL 1.1.0+ */
+	OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
 #else
-    /* OpenSSL < 1.1.0 */
-    SSL_library_init();
+
+	/* OpenSSL < 1.1.0 */
+	SSL_library_init();
 #endif
 
 	sslContext = SSL_CTX_new(SSLv23_method());
@@ -383,13 +385,15 @@ CreateCertificate(EVP_PKEY *privateKey)
 	 * expiration date and then suddenly erroring out.
 	 */
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
-    /* OpenSSL 1.1.0+ */
-    X509_gmtime_adj(X509_getm_notBefore(certificate), 0);
-    X509_gmtime_adj(X509_getm_notAfter (certificate),  0);
+
+	/* OpenSSL 1.1.0+ */
+	X509_gmtime_adj(X509_getm_notBefore(certificate), 0);
+	X509_gmtime_adj(X509_getm_notAfter(certificate), 0);
 #else
-    /* OpenSSL < 1.1.0 */
-    X509_gmtime_adj(X509_get_notBefore(certificate), 0);
-    X509_gmtime_adj(X509_get_notAfter (certificate),  0);
+
+	/* OpenSSL < 1.1.0 */
+	X509_gmtime_adj(X509_get_notBefore(certificate), 0);
+	X509_gmtime_adj(X509_get_notAfter(certificate), 0);
 #endif
 
 	/* Set the public key for our certificate */