| From: | Magnus Hagander <mha(at)sollentuna(dot)net> |
|---|---|
| To: | "'Tom Lane'" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | RE: [HACKERS] Re: SSL patch |
| Date: | 1999-07-24 16:10:25 |
| Message-ID: | 215896B6B5E1CF11BC5600805FFEA82101F70B70@sirius.edu.sollentuna.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Saturday, July 24, 1999 5:37 PM, Tom Lane [SMTP:tgl(at)sss(dot)pgh(dot)pa(dot)us] wrote:
> I wrote:
> > [ a bunch of stuff ]
>
> After looking into this morning's patches digest, I see that half of
> this already occurred to you :-).
>
> I'd still suggest extending the client to fall back to non-SSL if the
> server rejects the connection (unless it is told by the application
> that it must make an SSL connection). Then there's no compatibility
> problem at all, even for mix-and-match SSL-enabled and not-SSL-enabled
> clients and servers.
That sounds like a good thing to do.
As it is right now, it should work in all combinations except a 6.6 client
compiled with SSL support connecting to a pre-6.6 server. It already
falls-back if the server is 6.6 (without SSL support). And the 6.6 client
compiled without SSL works.
There is not yet a way in the client to specify that SSL connection is
required (it can be specified on the server). I'm planning to put that in,
but I thought it would be good to get the "base code" approved first - which
proved to be a good thing :-)
I'll see if I can wrap something up before I leave on vacation (leaving
pretty soon, be gone about a week). Not sure I'll make it, though. Should I
do this as a patch against what I have now, or keep sending in "the one big
patch"?
//Magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 1999-07-24 16:29:06 | Re: [SQL] inserts/updates problem under stressing ! |
| Previous Message | Tom Lane | 1999-07-24 15:54:24 | Re: [HACKERS] SIGSEGV on CREATE FUNCTION with plpgsql |