First of many patches on SSL code. The first patch just sets
the groundwork for future patches by pulling all SSL-specific
(and by implication all secure session) code into two new files,
be-secure.c and fe-secure.c
These files also contain a temporary checklist of pending patches:
* PATCH LEVEL
* milestone 1: fix basic coding errors
* [*] existing SSL code pulled out of existing files.
* [ ] SSL_get_error() after SSL_read() and SSL_write(),
* SSL_shutdown(), default to TLSv1.
* milestone 2: provide endpoint authentication (server)
* [ ] client verifies server cert
* [ ] client verifies server hostname
* milestone 3: improve confidentially, support perfect forward secrecy
* [ ] use 'random' file, read from '/dev/urandom?'
* [ ] emphermal DH keys, default values
* milestone 4: provide endpoint authentication (client)
* [ ] server verifies client certificates
* milestone 5: provide informational callbacks
* [ ] provide informational callbacks
* other changes
* [ ] tcp-wrappers
* [ ] more informative psql
Finally, because of the large number of patches (instead of a
monoblock patch) I'm managing them with CVS. Sorry about the
$Id$ and $Header$ in the diff....
pgsql-patches by date
|Next:||From: Joe Conway||Date: 2002-05-24 22:44:37|
|Subject: Re: SRF rescan testing|
|Previous:||From: Kenneth Been||Date: 2002-05-24 16:11:45|
|Subject: rtree memory leak patch|