From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Dave Page <dpage(at)postgresql(dot)org> |
Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-patches(at)postgresql(dot)org |
Subject: | Re: OpenSSL Applink |
Date: | 2007-09-29 00:28:09 |
Message-ID: | 22154.1191025689@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-patches |
Dave Page <dpage(at)postgresql(dot)org> writes:
> Magnus Hagander wrote:
>> Is there any reason not to just do this on *all* platforms, and get rid
>> of all the #ifdefs?
> Yes, (see the comment in the code). We stat the private key on *nix to
> ensure it hasn't changed underneath us which can't be done using the BIO
> functions... though I wonder if we can get the FILE pointer from BIO and
> do it that way. Should be as safe on *nix as what we currently do.
Perhaps you could still open the file yourself, and use BIO_new_fp()
instead of BIO_new_file()? I'm not getting responses from openssl.org
at the moment, but here's another copy of the relevant man page:
http://developer.apple.com/documentation/Darwin/Reference/Manpages/man3/BIO_s_file.3ssl.html
I concur with Magnus that it'll be better if there's not two code paths
here. It's not entirely clear whether BIO_new_fp() would avoid the
problematic calls, but it doesn't look like it'd be hard to try.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2007-09-29 02:21:35 | Re: pgcrypto: fix for broken solaris openssl, v03 |
Previous Message | Bruce Momjian | 2007-09-29 00:15:57 | Re: Hash Index Build Patch |