| From: | Alex Shulgin <ash(at)commandprompt(dot)com> |
|---|---|
| To: | Dag-Erling Smørgrav <des(at)des(dot)no> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [PATCH] add ssl_protocols configuration option |
| Date: | 2014-11-26 18:52:46 |
| Message-ID: | 87mw7daj5t.fsf@commandprompt.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Alex Shulgin <ash(at)commandprompt(dot)com> writes:
>>>
>>> I can do that too, just need a hint where to look at in libpq/psql to
>>> add the option.
>>
>> The place to *enforce* the option is src/interfaces/libpq/fe-secure.c
>> (look for SSLv23_method() and SSL_CTX_set_options()). I haven't looked
>> into how to set it.
>
> Yes, I've figured it out. Guess we'd better share the ssl_protocol
> value parser code between libpq and the backend. Any precedent?
OK, looks like I've come up with something workable: I've added
sslprotocol connection string keyword similar to pre-existing
sslcompression, etc.
Please see attached v2 of the original patch. I'm having doubts about
the name of openssl.h header though, libpq-openssl.h?
--
Alex
| Attachment | Content-Type | Size |
|---|---|---|
| postgresql-master-ssl-protocols-v2.diff | text/x-diff | 20.8 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pavel Stehule | 2014-11-26 18:52:49 | Re: proposal: plpgsql - Assert statement |
| Previous Message | Maxim Boguk | 2014-11-26 18:48:30 | Re: BUG #12071: Stat collector went crasy (50MB/s constant writes) |