From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Heikki Linnakangas <hlinnakangas(at)vmware(dot)com> |
Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: PQgetssl() and alternative SSL implementations |
Date: | 2015-01-28 16:50:33 |
Message-ID: | CA+TgmoYrAH=o8m9959O_TgHm7OcK9C=f3WJfUHryb4pzu5uZ0A@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Wed, Jan 28, 2015 at 10:13 AM, Heikki Linnakangas
<hlinnakangas(at)vmware(dot)com> wrote:
> Here's a patch to implement the above scheme. It adds four functions to
> libpq, to interrogate the SSL status:
>
> int PQsslInUse(const PGconn *conn)
> Returns true (1) if the connection uses SSL, false (0) if not.
>
> const char *PQsslAttribute(const PGconn *conn, const char *attribute_name)
> Returns a piece of information. The list of attributes depends on the
> implementation, but there are a few that are expected to be supported by all
> of them. See docs for details.
>
> const char **PQsslAttributes(const PGconn *conn);
> Return an array of SSL attribute names available.
>
> void *PQsslStruct(const PGconn *conn, const char *struct_name)
> Return a pointer to an SSL-implementation specific object describing the
> connection. PQsslStruct(conn, "OpenSSL SSL") is equivalent to
> PQgetssl(conn).
>
> I think this is expandable enough, because you can easily add attributes
> later on, and different implementations can support different attributes. It
> contains the escape hatch for applications that need to do more, and have
> intimate knowledge of OpenSSL structs. It's also pretty easy to use.
I like it!
Although I think "OpenSSL SSL" is a little bit duplicatively
redundant. Why not just "OpenSSL"?
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2015-01-28 16:58:47 | Re: PQgetssl() and alternative SSL implementations |
Previous Message | Stephen Frost | 2015-01-28 16:19:34 | Re: WITH CHECK and Column-Level Privileges |