Re: new libpq SSL connection option

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Alex Hunsaker <badalex(at)gmail(dot)com>, Andrew Chernow <ac(at)esilo(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: new libpq SSL connection option
Date: 2008-12-09 15:17:29
Message-ID: 15055.1228835849@sss.pgh.pa.us
Lists: pgsql-hackers

Magnus Hagander <magnus(at)hagander(dot)net> writes:
> I would also like to look this over completely - we only support loading
> the KEY from the smartcard, but you still have to manually copy the
> certificate to your machine. I don't know exactly how you're supposed to
> do this in OpenSSL - some googling shows almost nobody else uses the
> functions quite the way we do. So I'd like to look over if we need to do
> more around this later, but this patch should make it possible to use
> keys from different files without breaking backwards compatibility with
> what we had before. So I'm considering that a separate step, that may
> not be done in time for 8.4.

I'm confused here. Are you proposing user-visible changes that might
not get done in time for 8.4? I don't much like the idea that the API
is going to remain a moving target --- once 8.4 is out you will have
backwards compatibility constraints with whatever it does. It would
be better to avoid extending the feature set beyond what 8.3 can do
until you are certain it's right.

regards, tom lane
