Skip site navigation (1) Skip section navigation (2)

Re: [PATCH] Remove useless DH param code on client side

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Martijn van Oosterhout <kleptog(at)svana(dot)org>
Cc: pgsql-patches(at)postgresql(dot)org
Subject: Re: [PATCH] Remove useless DH param code on client side
Date: 2006-04-27 00:36:45
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-patches
Patch applied.  Thanks.


Martijn van Oosterhout wrote:
-- Start of PGP signed section.
> In the SSL code in libpq it does some processing with DH parameters:
> SSL_CTX_set_tmp_dh_callback()
> This function is marked as server use only[1], the client always uses
> the DH parameters in the server, so all the code in the client dealing
> with the DH parameters is useless. This patch removes it.
> It's not clear why the code was added in the first place, it's been
> there almost since the beginning[2]. At the time there was a suggestion
> of merging the front-end and backend SSL code, but looking at the
> changes since, that seems unlikely.
> As a further example, the s_server program allows you to specify DH
> params, but s_client doesn't. In the GnuTLS documentation under
> gnutls_dh_params_generate2() it says[3]:
>   Also note that the DH parameters are only useful to servers. Since
>   clients use the parameters sent by the server, it's of no use to call
>   this in client side.
> Have a nice day,
> [1]
> [2]
> [3]
> -- 
> Martijn van Oosterhout   <kleptog(at)svana(dot)org>
> > Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
> > tool for doing 5% of the work and then sitting around waiting for someone
> > else to do the other 95% so you can sue them.

[ Attachment, skipping... ]
-- End of PGP section, PGP failed!

  Bruce Momjian

  + If your life is a hard drive, Christ can be your backup. +

In response to

pgsql-patches by date

Next:From: Bruce MomjianDate: 2006-04-27 00:55:01
Subject: Re: [PATCH] Fix declaration of PQgetssl
Previous:From: Bruce MomjianDate: 2006-04-27 00:34:54
Subject: Re: schema-qualified SET CONSTRAINTS

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group