Re: [PATCH v10] GSSAPI encryption support

From: Robbie Harwood <rharwood(at)redhat(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: [PATCH v10] GSSAPI encryption support
Date: 2016-04-01 03:31:33
Views: Raw Message | Whole Thread | Download mbox
Lists: pgsql-hackers

Hello friends,

Here is another version of GSSAPI encryption support, both on this email
and on my github:

This version is intended to address Michael's review:

- Fixed Windows build. Thanks to Michael for patches.

- Fixed buffering of large replies on the serverside. This should fix
the traceback that was being seen. The issue had to do with the
difference between the server and client calling conventions for the
_read and _write functions.

- gss_enc_require renamed to gss_require_encrypt. Slightly longer, but
half the stomach churn.

- Move gss_encrypt out of the GUCs and into connection-specific logic.
Thanks to Tom Lane for pointing me in the right direction here.

- Replace writev() with two calls to _raw_write(). I'm not attached to
this design; if someone has a preference for allocating a buffer and
making a single write from that, I could be persuaded. I don't know
what the performance tradeoffs are.

- Typo fixes. I need to figure out spellchecking in my editor.

- More use of <acronym>.

- Change _should_crypto() functions to return bool. Also rename them to
be the _should_encrypt functions.

- Error message cleanup.


Attachment Content-Type Size
v10-0001-Move-common-GSSAPI-code-into-its-own-files.patch text/x-diff 15.1 KB
v10-0002-Connection-encryption-support-for-GSSAPI.patch text/x-diff 42.5 KB
v10-0003-GSSAPI-authentication-cleanup.patch text/x-diff 6.7 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Amit Kapila 2016-04-01 03:31:46 Re: Parallel Queries and PostGIS
Previous Message Petr Jelinek 2016-04-01 03:13:41 Re: Re: [COMMITTERS] pgsql: Enable logical slots to follow timeline switches