Re: 8.0 Beta3 worked, RC1 didn't!

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Michael Fuhr <mike(at)fuhr(dot)org>
Cc: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, "Magnus Hagander" <mha(at)sollentuna(dot)net>, "A(dot) Mous" <a(dot)mous(at)shaw(dot)ca>, pgsql-general(at)postgresql(dot)org
Subject: Re: 8.0 Beta3 worked, RC1 didn't!
Date: 2004-12-22 16:05:52
Message-ID: 4200.1103731552@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Michael Fuhr <mike(at)fuhr(dot)org> writes:
> Was there a change affecting client certificate handling a couple
> of months ago?

Yes, but it was pre-beta3.

However, this being on Windows ... I don't think the SSL code was
enabled at all in the Windows port as of beta3. I find this post-beta3
CVS log entry:

2004-10-06 05:35 momjian

* configure, configure.in, src/backend/libpq/be-secure.c,
src/backend/port/win32/socket.c,
src/backend/postmaster/postmaster.c, src/include/pg_config.h.in,
src/include/port/win32.h: Here is a patch to fix win32 ssl builds.
Summary of changes:

* Links with -leay32 and -lssleay32 instead of crypto and ssl. On
win32, "crypto and ssl" is only used for static linking.

* Initializes SSL in the backend and not just in the postmaster. We
cannot pass the SSL context from the postmaster through the
parameter file, because it contains function pointers.

* Split one error check in be-secure.c. Previously we could not
tell which of three calls actually failed. The previous code also
returned incorrect error messages if SSL_accept() failed - that
function needs to use SSL_get_error() on the return value, can't
just use the error queue.

* Since the win32 implementation uses non-blocking sockets "behind
the scenes" in order to deliver signals correctly, implements a
version of SSL_accept() that can handle this. Also, add a wait
function in case SSL_read or SSL_write() needs more data.

Magnus Hagander

It seems likely to me that the Windows SSL code may still be a brick or
two shy of a load ...

regards, tom lane

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Alvaro Herrera 2004-12-22 16:06:47 Re: Problem with Select output
Previous Message Steve Wampler 2004-12-22 16:01:22 Re: postgresql.conf