From: | Bear Giles <bgiles(at)coyotesong(dot)com> |
---|---|
To: | pgsql-patches(at)postgresql(dot)org |
Subject: | SSL (patch 1) |
Date: | 2002-05-24 19:17:14 |
Message-ID: | 200205241917.NAA25830@eris.coyotesong.com |
Lists: | pgsql-patches |

First of many patches on SSL code. The first patch just sets
the groundwork for future patches by pulling all SSL-specific
(and by implication all secure session) code into two new files,
be-secure.c and fe-secure.c.

These files also contain a temporary checklist of pending patches:

 * PATCH LEVEL
 *   milestone 1: fix basic coding errors
 *   [*] existing SSL code pulled out of existing files.
 *   [ ] SSL_get_error() after SSL_read() and SSL_write(),
 *       SSL_shutdown(), default to TLSv1.
 *
 *   milestone 2: provide endpoint authentication (server)
 *   [ ] client verifies server cert
 *   [ ] client verifies server hostname
 *
 *   milestone 3: improve confidentiality, support perfect forward secrecy
 *   [ ] use 'random' file, read from '/dev/urandom?'
 *   [ ] ephemeral DH keys, default values
 *
 *   milestone 4: provide endpoint authentication (client)
 *   [ ] server verifies client certificates
 *
 *   milestone 5: provide informational callbacks
 *   [ ] provide informational callbacks
 *
 *   other changes
 *   [ ] tcp-wrappers
 *   [ ] more informative psql

Finally, because of the large number of patches (instead of a
monoblock patch) I'm managing them with CVS. Sorry about the
$Id$ and $Header$ in the diff....

Bear

Attachment | Content-Type | Size |
---|---|---|
patch1 | text/plain | 33.0 KB |