Re: pgsql: Break out OpenSSL-specific code to separate files.

On 2014-08-11 09:11:08 +0000, Heikki Linnakangas wrote:
> Break out OpenSSL-specific code to separate files.
>
> This refactoring is in preparation for adding support for other SSL
> implementations, with no user-visible effects. There are now two #defines,
> USE_OPENSSL which is defined when building with OpenSSL, and USE_SSL which
> is defined when building with any SSL implementation. Currently, OpenSSL is
> the only implementation so the two #defines go together, but USE_SSL is
> supposed to be used for implementation-independent code.
>
> The libpq SSL code is changed to use a custom BIO, which does all the raw
> I/O, like we've been doing in the backend for a long time. That makes it
> possible to use MSG_NOSIGNAL to block SIGPIPE when using SSL, which avoids
> a couple of syscall for each send(). Probably doesn't make much performance
> difference in practice - the SSL encryption is expensive enough to mask the
> effect - but it was a natural result of this refactoring.
>
> Based on a patch by Martijn van Oosterhout from 2006. Briefly reviewed by
> Alvaro Herrera, Andreas Karlsson, Jeff Janes.

Any reason for the odd ordering of be_tls_write() in
be-secure-openssl.c? It's:

ssize_t be_tls_write(Port *port, void *ptr, size_t len)
...
/* ------------------------------------------------------------ */
/* OpenSSL specific code */
/* ------------------------------------------------------------ */
...
static int
my_sock_read(BIO *h, char *buf, int size)
...
static int
my_sock_write(BIO *h, const char *buf, int size)
...
...
ssize_t
be_tls_read(Port *port, void *ptr, size_t len)

That doesn't really seem to make sense to me.

Greetings,

Andres Freund

--
Andres Freund http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services