From: | Lars Kanis <kanis(at)comcard(dot)de> |
---|---|
To: | Magnus Hagander <magnus(at)hagander(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | pgsql-bugs(at)postgresql(dot)org |
Subject: | Re: BUG #4869: No proper initialization of OpenSSL-Engine in libpq |
Date: | 2009-06-22 15:03:54 |
Message-ID: | 200906221703.55387.kanis@comcard.de |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
Am Montag, 22. Juni 2009 16:38:32 schrieben Sie:
> Tom Lane wrote:
> > Magnus Hagander <magnus(at)hagander(dot)net> writes:
> >> A question from that then, for others, is it Ok to add a field to the
> >> PGconn structure during RC? :-) It's only in libpq-int.h, but? Comments?
> >
> > Changing PGconn internals doesn't bother me, but ...
> >
> > IIUC this is a pre-existing bug/limitation in an extremely seldom-used
> > feature that we don't have any very good way to test. So I'm not really
> > excited about trying to fix it in RC at all. The chances of breaking
> > something seem much higher than the usefulness of the fix would warrant.
> >
> > I'd suggest holding the matter until 8.5 development opens.
>
> I think we'll see this feature used a lot more now, since we support
> client certificate authentication. I bet that's the reason why Lars is
> using it now, but wasn't using it before. Correct, Lars?
That's right. Because clientside crypto engines and proper certificate
authentication is supported now, I would like to use a strong smartcard-based
login in our high security environment.
> That would be the argument for doing it now. We previously supported
> engines for client certificates, but using client certificates at all
> wasn't very useful in pre-8.4, and that's why it wasn't used almost at
> all. While I don't expect a huge number of users of it in 8.4, I think
> it is a *much* more useful feature now, and thus will be used a lot more.
I could live with the patch during 8.4 cycle. But if we support crypto engines
now, we may do it the way that it really works.
regards
Lars
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2009-06-22 15:46:22 | Re: BUG #4869: No proper initialization of OpenSSL-Engine in libpq |
Previous Message | Lars Kanis | 2009-06-22 14:47:48 | Re: BUG #4869: No proper initialization of OpenSSL-Engine in libpq |