Skip site navigation (1) Skip section navigation (2)

[PATCH] Add support for GnuTLS

From: Martijn van Oosterhout <kleptog(at)svana(dot)org>
To: pgsql-patches(at)postgresql(dot)org
Subject: [PATCH] Add support for GnuTLS
Date: 2006-05-04 13:48:07
Message-ID: 20060504134807.GK4752@svana.org (view raw or flat)
Thread:
Lists: pgsql-patches
This patch does the following:

- Provide GnuTLS support beside OpenSSL in both the frontend and
  backend. Which is used is decided by the configure options
  --with-openssl and --with-gnutls. They are mutually exclusive.

- When psql starts up the message has been altered to include details
  about the library. For example either of:

SSL connection established: GnuTLS (version 1.0.16), encryption DHE_RSA_AES_256_CBC_SHA
SSL connection established: OpenSSL (version OpenSSL 0.9.7e 25 Oct 2004), encryption DHE-RSA-AES256-SHA

- psql is now SSL library agnostic. It can display the above info
  whether or not the SSL library was available at compile time. All
  that matters is what the libpq library was compiled against.

- Provides a new function in libpq called PQgettlsinfo(). This returns
  a resultset containing the most useful details of the SSL connection,
  if any.

- A new command has been added to psql, \ssl, which displays all the
  information available via PQgettlsinfo().

- Provides a new function in libpq called PQsetPassthrough(). Once this
  function has been called on an idle connection, its state changes to
  CONNECTION_PASSTHROUGH. The usual query functions PQsend*, PQexec*,
  PQconsumeinput and others are blocked. All further communication must
  be by the user via the send/receive functions given. The only way to
  undo this is via PQreset or PQfinish.

Backward compatability issues:

- Applications using libpq to establish the connection and then 
  reading/writing the socket directly may have unexpected results if
  the client is compiled against GnuTLS. The prior versions of libpq
  provided no way of identifying the SSL library is use. However, they
  will *not* crash.

  These applications have two options. They can use the new
  PQgettlsinfo() to determine which library libpq is using. They can
  then elect to disable SSL support via the sslmode option to avoid the
  issue.  Alternately, they can use the new PQsetPassthough() function
  to retreive the necessary information to communicate directly.

  In the latter case, the application does not need to check the
  library in use, libpq will work transparently for all possibilities.

Documentation will be provided assuming the above is considered
satisfactory for inclusion without major changes.

The attached diff does not include the diff of "configure" because I'm
evidently running a different version and result was 200KB of useless
stuff. The full patch is available here:

http://svana.org/kleptog/temp/gnutls.patch

Just running autoconf on the local machine should also work.

Have a nice day,
-- 
Martijn van Oosterhout   <kleptog(at)svana(dot)org>   http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to litigate.

Responses

pgsql-patches by date

Next:From: Fabien COELHODate: 2006-05-04 15:10:11
Subject: cast bytea to/from bit strings
Previous:From: Martijn van OosterhoutDate: 2006-05-04 10:43:47
Subject: [PATCH] Have configure complain about unknown options

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group