Re: PQinitSSL broken in some use casesf

From: Merlin Moncure <mmoncure(at)gmail(dot)com>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PQinitSSL broken in some use casesf
Date: 2009-03-28 13:23:59
Message-ID: b42b73150903280623i15412a19v105bbbd58efd3caf@mail.gmail.com
Lists: pgsql-hackers

On Fri, Mar 27, 2009 at 9:38 PM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> I have applied the attached patch which does several things:
>
>        o  documents that libssl _and_ libcrypto initialization is
>           turned off by PQinitSSL(0)
>        o  clarified cases where this behavior is important
>        o  added comments that the CRYPTO_set_* calls reference
>           libcrypto, not libssl
>
> I think we can now say that the current behavior is not a bug because it
> is documented, even though the PQinitSSL() function name is inaccurate.

It is still a bug in the sense that it is impossible to properly
initialize crypto features in some scenarios. A doc patch (which I
argued is the best way to go for 8.4) fails to properly raise the
seriousness of the issue and also fails to suggest a workaround.

I think a proper way to document this issue would be something like this:

"
If your application initializes libcrypto, but not libssl, you must
not call PQinitSSL(1) because it will overwrite your libcrypto
initialization. In order to safely use libpq in your application, you
must include ssl headers and call the following functions:

#include <openssl/ssl.h>
#include <openssl/conf.h>

OPENSSL_config(NULL);
SSL_library_init();
SSL_load_error_strings();
PQinitSSL(0);

in order to initialize libpq properly for SSL connections.
"

> I think there is a good argument that PQinitSSL(X) where X > 1 would
> work fine for more fine-grained control.  The new libpq init function
> idea was interesting, but having a documented solution for
> WSAStartup()/WSACleanup() usage, we now don't have another libpq init
> use-case so it is hard to suggest a new libpq function.

This feature when discussed at the time was not enough _by itself_ to
support a PQinit feature (I agree with this reasoning), but surely
should be considered as valid supporting evidence that a library
initialization feature is useful. IOW, the whole of the argument is
equal to the sum of its parts. (Yes, we have an agenda here: we were
not happy that our events patch could not establish behavior at
library initialization time.)

merlin
