diff options
| author | Thomas Munro | 2025-03-19 03:56:19 +0000 |
|---|---|---|
| committer | Thomas Munro | 2025-03-19 03:56:19 +0000 |
| commit | d7e40845f923ed5091b334b1018a547e39846415 (patch) | |
| tree | 5777e50da5ff5bda8b99b14e2f80558ff5d3a4c9 | |
| parent | 434dbf6907ec8fafa6862a0f00385f293e63ac0e (diff) | |
oauth: Disallow synchronous DNS in libcurl
There is concern that a blocking DNS lookup in libpq could stall a
backend process (say, via FDW). Since there's currently no strong
evidence that synchronous DNS is a popular option, disallow it entirely
rather than warning at configure time. We can revisit if anyone
complains.
Per query from Andres Freund.
Author: Jacob Champion <[email protected]>
Discussion: https://postgr.es/m/p4bd7mn6dxr2zdak74abocyltpfdxif4pxqzixqpxpetjwt34h%40qc6jgfmoddvq
| -rw-r--r-- | config/programs.m4 | 10 | ||||
| -rwxr-xr-x | configure | 14 | ||||
| -rw-r--r-- | meson.build | 18 |
3 files changed, 16 insertions, 26 deletions
diff --git a/config/programs.m4 b/config/programs.m4 index 061b13376ac..0a07feb37cc 100644 --- a/config/programs.m4 +++ b/config/programs.m4 @@ -316,7 +316,7 @@ AC_DEFUN([PGAC_CHECK_LIBCURL], [Define to 1 if curl_global_init() is guaranteed to be thread-safe.]) fi - # Warn if a thread-friendly DNS resolver isn't built. + # Fail if a thread-friendly DNS resolver isn't built. AC_CACHE_CHECK([for curl support for asynchronous DNS], [pgac_cv__libcurl_async_dns], [AC_RUN_IFELSE([AC_LANG_PROGRAM([ #include <curl/curl.h> @@ -332,10 +332,10 @@ AC_DEFUN([PGAC_CHECK_LIBCURL], [pgac_cv__libcurl_async_dns=yes], [pgac_cv__libcurl_async_dns=no], [pgac_cv__libcurl_async_dns=unknown])]) - if test x"$pgac_cv__libcurl_async_dns" != xyes ; then - AC_MSG_WARN([ + if test x"$pgac_cv__libcurl_async_dns" = xno ; then + AC_MSG_ERROR([ *** The installed version of libcurl does not support asynchronous DNS -*** lookups. Connection timeouts will not be honored during DNS resolution, -*** which may lead to hangs in client programs.]) +*** lookups. Rebuild libcurl with the AsynchDNS feature enabled in order +*** to use it with libpq.]) fi ])# PGAC_CHECK_LIBCURL diff --git a/configure b/configure index 93fddd69981..559f535f5cd 100755 --- a/configure +++ b/configure @@ -12493,7 +12493,7 @@ $as_echo "#define HAVE_THREADSAFE_CURL_GLOBAL_INIT 1" >>confdefs.h fi - # Warn if a thread-friendly DNS resolver isn't built. + # Fail if a thread-friendly DNS resolver isn't built. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for curl support for asynchronous DNS" >&5 $as_echo_n "checking for curl support for asynchronous DNS... " >&6; } if ${pgac_cv__libcurl_async_dns+:} false; then : @@ -12535,15 +12535,11 @@ fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $pgac_cv__libcurl_async_dns" >&5 $as_echo "$pgac_cv__libcurl_async_dns" >&6; } - if test x"$pgac_cv__libcurl_async_dns" != xyes ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: -*** The installed version of libcurl does not support asynchronous DNS -*** lookups. Connection timeouts will not be honored during DNS resolution, -*** which may lead to hangs in client programs." >&5 -$as_echo "$as_me: WARNING: + if test x"$pgac_cv__libcurl_async_dns" = xno ; then + as_fn_error $? " *** The installed version of libcurl does not support asynchronous DNS -*** lookups. Connection timeouts will not be honored during DNS resolution, -*** which may lead to hangs in client programs." >&2;} +*** lookups. Rebuild libcurl with the AsynchDNS feature enabled in order +*** to use it with libpq." "$LINENO" 5 fi fi diff --git a/meson.build b/meson.build index 13c13748e5d..b6daa5b7040 100644 --- a/meson.build +++ b/meson.build @@ -909,9 +909,7 @@ if not libcurlopt.disabled() cdata.set('HAVE_THREADSAFE_CURL_GLOBAL_INIT', 1) endif - # Warn if a thread-friendly DNS resolver isn't built. - libcurl_async_dns = false - + # Fail if a thread-friendly DNS resolver isn't built. if not meson.is_cross_build() r = cc.run(''' #include <curl/curl.h> @@ -931,16 +929,12 @@ if not libcurlopt.disabled() ) assert(r.compiled()) - if r.returncode() == 0 - libcurl_async_dns = true - endif - endif - - if not libcurl_async_dns - warning(''' + if r.returncode() != 0 + error(''' *** The installed version of libcurl does not support asynchronous DNS -*** lookups. Connection timeouts will not be honored during DNS resolution, -*** which may lead to hangs in client programs.''') +*** lookups. Rebuild libcurl with the AsynchDNS feature enabled in order +*** to use it with libpq.''') + endif endif endif |