| From: | Dave Page <dpage(at)postgresql(dot)org> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: OpenSSL Applink |
| Date: | 2007-09-28 16:26:35 |
| Message-ID: | 46FD2B3B.3000605@postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
Tom Lane wrote:
> Dave Page <dpage(at)postgresql(dot)org> writes:
>> Andrew Dunstan wrote:
>>> Then I think I'd rather disable use of client certs for the offending
>>> openssl versions in libpq, or let the apps die and refer the customers
>>> to the openssl people to lobby them for a sane solution.
>
>> If this were 8.0 I'd agree, but thats not a nice solution for those
>> already using client certs (such as the pgAdmin user who brought this to
>> my attention).
>
> Doesn't really matter. Even if we were willing to hack our own client
> apps like that (which I'm not), we can *not* transfer such a requirement
> onto every libpq-using application. It's just not acceptable.
*We're* not transfering any requirement. I've fixed pgAdmin for example
without any need to touch any Postgres code. If you don't want to
include the fix (which I can quite understand) it'll just mean that the
PG utilities won't work with client certs.
/D
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marko Kreen | 2007-09-28 16:26:46 | Re: OpenSSL Applink |
| Previous Message | Tom Lane | 2007-09-28 16:13:32 | Re: OpenSSL Applink |