Re: PQgetssl() and alternative SSL implementations

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Heikki Linnakangas <hlinnakangas(at)vmware(dot)com>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PQgetssl() and alternative SSL implementations
Date: 2015-01-28 16:50:33
Message-ID: CA+TgmoYrAH=o8m9959O_TgHm7OcK9C=f3WJfUHryb4pzu5uZ0A@mail.gmail.com
Lists: pgsql-hackers

On Wed, Jan 28, 2015 at 10:13 AM, Heikki Linnakangas
<hlinnakangas(at)vmware(dot)com> wrote:
> Here's a patch to implement the above scheme. It adds four functions to
> libpq, to interrogate the SSL status:
>
> int PQsslInUse(const PGconn *conn)
> Returns true (1) if the connection uses SSL, false (0) if not.
>
> const char *PQsslAttribute(const PGconn *conn, const char *attribute_name)
> Returns a piece of information. The list of attributes depends on the
> implementation, but there are a few that are expected to be supported by all
> of them. See docs for details.
>
> const char **PQsslAttributes(const PGconn *conn);
> Return an array of SSL attribute names available.
>
> void *PQsslStruct(const PGconn *conn, const char *struct_name)
> Return a pointer to an SSL-implementation specific object describing the
> connection. PQsslStruct(conn, "OpenSSL SSL") is equivalent to
> PQgetssl(conn).
>
> I think this is expandable enough, because you can easily add attributes
> later on, and different implementations can support different attributes. It
> contains the escape hatch for applications that need to do more, and have
> intimate knowledge of OpenSSL structs. It's also pretty easy to use.

I like it!

Although I think "OpenSSL SSL" is a little bit duplicatively
redundant. Why not just "OpenSSL"?

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
