Refactor OpenSSL initialization and certificate date adjustment for improved clarity and consistency

2025-05-16 13:14:19 +00:00 · 2025-05-16 13:14:19 +00:00 · 3e401a75dc
parent a70baadecb
commit 3e401a75dc
2 changed files with 22 additions and 18 deletions
--- a/src/backend/distributed/metadata/node_metadata.c
+++ b/src/backend/distributed/metadata/node_metadata.c
@ -2970,11 +2970,11 @@ DeleteNodeRow(char *nodeName, int32 nodePort)
 	/* PG 18+ adds a bool “deferrable_ok” parameter */
 	Relation replicaIndex =
 		index_open(RelationGetPrimaryKeyIndex(pgDistNode, false),
-				   RowExclusiveLock);
+				   AccessShareLock);
 #else
 	Relation replicaIndex =
 		index_open(RelationGetPrimaryKeyIndex(pgDistNode),
-				   RowExclusiveLock);
+				   AccessShareLock);
 #endif


--- a/src/backend/distributed/utils/enable_ssl.c
+++ b/src/backend/distributed/utils/enable_ssl.c
@ -239,18 +239,20 @@ CreateCertificatesWhenNeeded()
 	SSL_CTX *sslContext = NULL;

 	/*
-	* Ensure the OpenSSL library is initialized so we can create our SSL context.
-	* On OpenSSL ≥ 1.1.0 we call OPENSSL_init_ssl() (which also loads the default
-	* config), and on older versions we fall back to SSL_library_init().
-	* PostgreSQL itself will perform its full SSL setup when it reloads
-	* its configuration with ssl enabled.
-	*/
+	 * Ensure the OpenSSL library is initialized so we can create our SSL context.
+	 * On OpenSSL ≥ 1.1.0 we call OPENSSL_init_ssl() (which also loads the default
+	 * config), and on older versions we fall back to SSL_library_init().
+	 * PostgreSQL itself will perform its full SSL setup when it reloads
+	 * its configuration with ssl enabled.
+	 */
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
-    /* OpenSSL 1.1.0+ */
-    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
+	/* OpenSSL 1.1.0+ */
+	OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
 #else
-    /* OpenSSL < 1.1.0 */
-    SSL_library_init();
+
+	/* OpenSSL < 1.1.0 */
+	SSL_library_init();
 #endif

 	sslContext = SSL_CTX_new(SSLv23_method());
@ -383,13 +385,15 @@ CreateCertificate(EVP_PKEY *privateKey)
 	 * expiration date and then suddenly erroring out.
 	 */
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
-    /* OpenSSL 1.1.0+ */
-    X509_gmtime_adj(X509_getm_notBefore(certificate), 0);
-    X509_gmtime_adj(X509_getm_notAfter (certificate),  0);
+
+	/* OpenSSL 1.1.0+ */
+	X509_gmtime_adj(X509_getm_notBefore(certificate), 0);
+	X509_gmtime_adj(X509_getm_notAfter(certificate), 0);
 #else
-    /* OpenSSL < 1.1.0 */
-    X509_gmtime_adj(X509_get_notBefore(certificate), 0);
-    X509_gmtime_adj(X509_get_notAfter (certificate),  0);
+
+	/* OpenSSL < 1.1.0 */
+	X509_gmtime_adj(X509_get_notBefore(certificate), 0);
+	X509_gmtime_adj(X509_get_notAfter(certificate), 0);
 #endif

 	/* Set the public key for our certificate */