| From: | Heikki Linnakangas <hlinnakangas(at)vmware(dot)com> |
|---|---|
| To: | Andreas Karlsson <andreas(at)proxel(dot)se>, Jeff Janes <jeff(dot)janes(at)gmail(dot)com> |
| Cc: | Martijn van Oosterhout <kleptog(at)svana(dot)org>, Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Supporting Windows SChannel as OpenSSL replacement |
| Date: | 2014-08-07 11:47:15 |
| Message-ID: | 53E36743.20100@vmware.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Here's a new version of the refactoring patch. I've fixed the issues
reported so far.
Upon looking closer at the SIGPIPE stuff in libpq, I realized that we
can remove this line from fe-secure-openssl.c:
> - /* We cannot use MSG_NOSIGNAL to block SIGPIPE when using SSL */
> - conn->sigpipe_flag = false;
That's because all the I/O now goes through our wrapper functions that
do the send/recv, and will use MSG_NOSIGNAL if it's available. That
avoids two syscalls per send. I haven't measured the performance impact
of that - it's probably negligible compared to doing encryption - but
it's still nice to avoid it.
This patch is just refactoring of existing code. It doesn't have any
user-visible changes; the libpq functions that expose OpenSSL stuff are
still intact. Doing something about those are the next phase of this
project.
Please review. I think this is in a good shape, ready for commit.
- Heikki
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-Invent-a-new-internal-API-for-interfacing-with-SSL-3.patch | text/x-diff | 157.8 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Amit Khandekar | 2014-08-07 12:11:21 | Re: delta relations in AFTER triggers |
| Previous Message | Michael Paquier | 2014-08-07 11:35:53 | Re: Proposal: Incremental Backup |