
SSL Patch - again :-)

From: Magnus Hagander <mha(at)sollentuna(dot)net>
To: "'Peter Eisentraut'" <peter_e(at)gmx(dot)net>, "'Tom Lane'" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: "'pgsql-patches(at)postgresql(dot)org'" <pgsql-patches(at)postgresql(dot)org>
Subject: SSL Patch - again :-)
Date: 2000-08-20 14:25:03
Lists: pgsql-patches
Ok, here is another one :-)

* The function sslinfo() has been removed from the backend.
* I changed the meaning of "-l" from "Listen to only SSL" to
  "Disable SSL". It seems safe to me to do this since the 
  previous function of "-l" never worked anyway.
  Using this switch, you can start the postmaster without
  having the secret key and the certificate file in place.
* I added accessor function "SSL *PQgetssl(void)" to libpq,
  to get the SSL structure. Any functions from OpenSSL can
  then be used on this returned structure to get information.
* Made psql use this PQgetssl() function after initial
  connection to report SSL status (only if enabled, of course)
* Added connection option "requiressl" backed by environment
  variable PGREQUIRESSL. If set to "1", libpq will refuse to
  connect to a server that does not support SSL. (This must be
  handled during the connection process, and can *not* be
  handled in the client application afterwards. If it were
  to be handled by the application and you were using password
  authentication, the password would be sent (by libpq) over an
  unencrypted connection before you had a chance to reject it)
* Fixed an error message that referred to version 6.6 - it was
  never released as 6.6, but as 7.0... :-)
* Patch is using "diff -cr" this time. I hope I understood
  correctly what you wanted.

Right now, the only way to set "requiressl" for psql is to use
an environment variable. I'd like it to be possible to do this 
using the commandline for example, probably using a "psql variable". 
But that would require changing psql to use PQconnectDb() instead 
of PQsetdbLogin(), so I figured I should check first :-) [BTW, 
PQconnectDb() is the recommended way of doing it nowadays, right?]

Documentation is coming up, but I figured I should get the actual
code approved and applied first, so I don't document something
that I later have to change :-)


Attachment: ssl_patch
Description: application/octet-stream (13.0 KB)
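
The ordering argument the message makes for "requiressl", as an added example that is not part of the original post or of the attached patch: a mock server records every byte the client sends, so the check can be seen to run before any password leaves the client. `MockServer`, `wire_send`, `server_saw` and `client_connect` are hypothetical names; the SSLRequest bytes and the 'S'/'N' reply follow the PostgreSQL wire protocol as documented today, and the password is a constructed sample.

```c
#include <string.h>

/* Constructed stand-in for a server: logs every byte the client sends and
 * answers the SSL request with 'S' (SSL available) or 'N' (not available). */
typedef struct {
    unsigned char seen[128];
    size_t len;
    char ssl_reply;
} MockServer;

static void wire_send(MockServer *s, const void *buf, size_t n)
{
    if (n > sizeof s->seen - s->len)
        n = sizeof s->seen - s->len;    /* truncate rather than overflow the log */
    memcpy(s->seen + s->len, buf, n);
    s->len += n;
}

/* Returns 1 if `needle` appears anywhere in what the server received. */
int server_saw(const MockServer *s, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; n > 0 && i + n <= s->len; i++)
        if (memcmp(s->seen + i, needle, n) == 0)
            return 1;
    return 0;
}

typedef enum { CONN_REFUSED, CONN_PLAINTEXT, CONN_SSL } ConnResult;

/* Hypothetical client flow: the requiressl check sits between the server's
 * answer to the SSL request and the first byte of authentication data. */
ConnResult client_connect(MockServer *s, int requiressl, const char *password)
{
    /* SSLRequest: length 8, then request code 80877103, both big-endian. */
    static const unsigned char ssl_request[8] = {0, 0, 0, 8, 0x04, 0xd2, 0x16, 0x2f};
    wire_send(s, ssl_request, sizeof ssl_request);
    if (s->ssl_reply != 'S') {
        if (requiressl)
            return CONN_REFUSED;    /* abort here: nothing secret was sent */
        wire_send(s, password, strlen(password));   /* cleartext fallback */
        return CONN_PLAINTEXT;
    }
    /* A real client runs the TLS handshake here and authenticates inside it;
     * the mock sends nothing further. */
    return CONN_SSL;
}
```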
