Re: BUG #4869: No proper initialization of OpenSSL-Engine in libpq

From: Lars Kanis <kanis(at)comcard(dot)de>
To: Magnus Hagander <magnus(at)hagander(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #4869: No proper initialization of OpenSSL-Engine in libpq
Date: 2009-06-22 15:03:54
Message-ID: 200906221703.55387.kanis@comcard.de
Lists: pgsql-bugs

On Monday, 22 June 2009 16:38:32 you wrote:
> Tom Lane wrote:
> > Magnus Hagander <magnus(at)hagander(dot)net> writes:
> >> A question from that then, for others, is it Ok to add a field to the
> >> PGconn structure during RC? :-) It's only in libpq-int.h, but? Comments?
> >
> > Changing PGconn internals doesn't bother me, but ...
> >
> > IIUC this is a pre-existing bug/limitation in an extremely seldom-used
> > feature that we don't have any very good way to test. So I'm not really
> > excited about trying to fix it in RC at all. The chances of breaking
> > something seem much higher than the usefulness of the fix would warrant.
> >
> > I'd suggest holding the matter until 8.5 development opens.
>
> I think we'll see this feature used a lot more now, since we support
> client certificate authentication. I bet that's the reason why Lars is
> using it now, but wasn't using it before. Correct, Lars?
That's right. Because client-side crypto engines and proper certificate
authentication are supported now, I would like to use a strong smartcard-based
login in our high security environment.

> That would be the argument for doing it now. We previously supported
> engines for client certificates, but using client certificates at all
> wasn't very useful in pre-8.4, and that's why it wasn't used almost at
> all. While I don't expect a huge number of users of it in 8.4, I think
> it is a *much* more useful feature now, and thus will be used a lot more.

I could live with the patch during the 8.4 cycle. But if we support crypto engines
now, we may do it the way that it really works.

regards
Lars
