| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Dave Page <dpage(at)postgresql(dot)org> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: OpenSSL Applink |
| Date: | 2007-09-29 00:28:09 |
| Message-ID: | 22154.1191025689@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
Dave Page <dpage(at)postgresql(dot)org> writes:
> Magnus Hagander wrote:
>> Is there any reason not to just do this on *all* platforms, and get rid
>> of all the #ifdefs?
> Yes, (see the comment in the code). We stat the private key on *nix to
> ensure it hasn't changed underneath us which can't be done using the BIO
> functions... though I wonder if we can get the FILE pointer from BIO and
> do it that way. Should be as safe on *nix as what we currently do.
Perhaps you could still open the file yourself, and use BIO_new_fp()
instead of BIO_new_file()? I'm not getting responses from openssl.org
at the moment, but here's another copy of the relevant man page:
http://developer.apple.com/documentation/Darwin/Reference/Manpages/man3/BIO_s_file.3ssl.html
I concur with Magnus that it'll be better if there's not two code paths
here. It's not entirely clear whether BIO_new_fp() would avoid the
problematic calls, but it doesn't look like it'd be hard to try.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-09-29 02:21:35 | Re: pgcrypto: fix for broken solaris openssl, v03 |
| Previous Message | Bruce Momjian | 2007-09-29 00:15:57 | Re: Hash Index Build Patch |