From: | Heikki Linnakangas <hlinnakangas(at)vmware(dot)com> |
---|---|
To: | Andres Freund <andres(at)2ndquadrant(dot)com> |
Cc: | <pgsql-committers(at)postgresql(dot)org> |
Subject: | Re: pgsql: Break out OpenSSL-specific code to separate files. |
Date: | 2014-08-18 10:17:20 |
Message-ID: | 53F1D2B0.80301@vmware.com |
Lists: | pgsql-committers |

On 08/17/2014 03:15 PM, Andres Freund wrote:
> On 2014-08-11 09:11:08 +0000, Heikki Linnakangas wrote:
>> Break out OpenSSL-specific code to separate files.
>>
>> This refactoring is in preparation for adding support for other SSL
>> implementations, with no user-visible effects. There are now two #defines,
>> USE_OPENSSL which is defined when building with OpenSSL, and USE_SSL which
>> is defined when building with any SSL implementation. Currently, OpenSSL is
>> the only implementation so the two #defines go together, but USE_SSL is
>> supposed to be used for implementation-independent code.
>>
>> The libpq SSL code is changed to use a custom BIO, which does all the raw
>> I/O, like we've been doing in the backend for a long time. That makes it
>> possible to use MSG_NOSIGNAL to block SIGPIPE when using SSL, which avoids
>> a couple of syscalls for each send(). Probably doesn't make much performance
>> difference in practice - the SSL encryption is expensive enough to mask the
>> effect - but it was a natural result of this refactoring.
>>
>> Based on a patch by Martijn van Oosterhout from 2006. Briefly reviewed by
>> Alvaro Herrera, Andreas Karlsson, Jeff Janes.
>
> Any reason for the odd ordering of be_tls_write() in
> be-secure-openssl.c? It's:
>
> ssize_t be_tls_write(Port *port, void *ptr, size_t len)
> ...
> /* ------------------------------------------------------------ */
> /* OpenSSL specific code */
> /* -----------------------git------------------------------------- */
> ...
> static int
> my_sock_read(BIO *h, char *buf, int size)
> ...
> static int
> my_sock_write(BIO *h, const char *buf, int size)
> ...
> ...
> ssize_t
> be_tls_read(Port *port, void *ptr, size_t len)
>
> That doesn't really seem to make sense to me.

No, you're right. It grew out that way from the original order of the
functions in be-secure.c, but it doesn't make sense as it is. I have now
moved all the public interface functions to the top and the static
functions to the bottom.

- Heikki
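
The MSG_NOSIGNAL point in the quoted commit message, as an added example that is not part of the original email and is not PostgreSQL source: once the library performs the raw send() itself, as a custom BIO's write callback would, it can pass MSG_NOSIGNAL and get EPIPE back as an ordinary error instead of blocking or ignoring SIGPIPE around each write. The function and variable names are hypothetical, and a Unix socketpair stands in for the client connection.

```c
/* Added illustration, not PostgreSQL code. All names here are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

static volatile sig_atomic_t sigpipe_seen;

static void on_sigpipe(int signo) { (void) signo; sigpipe_seen = 1; }

/*
 * Send one byte to a peer that has already closed its end of the socket.
 * Returns the errno reported by send() (0 if it unexpectedly succeeded,
 * -1 on setup failure); *got_signal tells whether SIGPIPE was delivered.
 */
int send_to_dead_peer(int flags, int *got_signal)
{
    int sv[2], err;
    struct sigaction sa, old;

    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = on_sigpipe;        /* record the signal instead of dying */
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGPIPE, &sa, &old) != 0)
        return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
    {
        sigaction(SIGPIPE, &old, NULL);
        return -1;
    }
    close(sv[1]);                      /* the peer goes away */

    sigpipe_seen = 0;
    errno = 0;
    err = (send(sv[0], "x", 1, flags) < 0) ? errno : 0;

    *got_signal = sigpipe_seen;
    close(sv[0]);
    sigaction(SIGPIPE, &old, NULL);    /* restore the caller's disposition */
    return err;
}

int main(void)
{
    int sig;
    return (send_to_dead_peer(MSG_NOSIGNAL, &sig) == EPIPE && sig == 0) ? 0 : 1;
}
```

Both calls fail with EPIPE; only the one without MSG_NOSIGNAL also raises SIGPIPE, which is the signal a client library otherwise has to mask and unmask around every write so that a dropped connection does not kill the host application.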