
2nd revision of SSL patches

From: Bear Giles <bgiles(at)coyotesong(dot)com>
To: pgsql-patches(at)postgresql(dot)org
Subject: 2nd revision of SSL patches
Date: 2002-05-21 07:36:09
Lists: pgsql-patches

Another uberpatch for the SSL code.

The main improvements over the last revision include:

 *) certs are fully validated - valid root certs must be available.
    This is a hassle, but it means that you *can* trust the identity
    of the server.

 *) the client library can handle hardcoded root certificates, to
    avoid the need to copy these files.

 *) host name of server cert must resolve to IP address, or be a
    recognized alias.  This is more liberal than the previous 

 *) the number of bytes transferred is tracked, and the session
    key is periodically renegotiated.

 *) basic cert generation scripts (,  The
    configuration files have reasonable defaults for each type
    of use.

Remaining issues are:

 *) select() in legacy code?

 *) encrypted private keys

 *) session support (useful if auto-reconnection will be supported)

 *) anonymous DH

 *) fully implemented cert tools


Attachment: tools.tar.gz
Description: application/tar-gzip (3.9 KB)
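
The host-name rule from the third item above ("must resolve to IP address, or be a recognized alias"), sketched in C as an added example; it is not code from the message or from the attached patch. Assumptions: IPv4 only, `gethostbyname()` is used because it reports aliases, "recognized alias" is read as "the name the client dialed is one of the resolver's names for the certificate's host name", and the function names are hypothetical.

```c
/* Added example, not code from the patch. Assumption: "recognized alias"
 * means the name the client dialed is one of the resolver's names for the
 * certificate's host name. All identifiers here are hypothetical. */
#include <netdb.h>
#include <netinet/in.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>
#include <sys/socket.h>

/* Pure check over an already-resolved entry, so it can be tested offline.
 * Returns 1 if the peer is acceptable for this certificate name, else 0. */
int peer_matches_entry(const struct hostent *h, const struct in_addr *peer,
                       const char *connect_name)
{
    char **p;

    if (h == NULL || peer == NULL)
        return 0;                   /* unresolvable name: fail closed */

    /* Rule 1: the certificate name resolves to the peer's IP address. */
    if (h->h_addrtype == AF_INET && h->h_length == (int) sizeof(*peer))
        for (p = h->h_addr_list; p != NULL && *p != NULL; p++)
            if (memcmp(*p, peer, sizeof(*peer)) == 0)
                return 1;

    /* Rule 2: the dialed name is the canonical name or a listed alias. */
    if (connect_name == NULL)
        return 0;
    if (h->h_name != NULL && strcasecmp(h->h_name, connect_name) == 0)
        return 1;
    for (p = h->h_aliases; p != NULL && *p != NULL; p++)
        if (strcasecmp(*p, connect_name) == 0)
            return 1;
    return 0;
}

/* Resolver-backed wrapper. cert_cn is the host name taken from a certificate
 * whose chain has already been validated; peer is the socket's remote address. */
int verify_peer_name(const char *cert_cn, const struct in_addr *peer,
                     const char *connect_name)
{
    if (cert_cn == NULL || *cert_cn == '\0')
        return 0;
    return peer_matches_entry(gethostbyname(cert_cn), peer, connect_name);
}
```

Both rules trust the resolver's answers, so the result is only as strong as the name service behind it.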

