Re: PQinitSSL broken in some use casesf

From: Merlin Moncure <mmoncure(at)gmail(dot)com>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Andrew Chernow <ac(at)esilo(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PQinitSSL broken in some use casesf
Date: 2009-02-10 15:13:24
Message-ID: b42b73150902100713mdbfd64ah706ced5170897a59@mail.gmail.com
Lists: pgsql-hackers

On Tue, Feb 10, 2009 at 9:32 AM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
>> How we worked around it:
>> We solved it by copying the SSL init sequence from fe-secure.c. Doesn't
>> seem like something that would change very often. So we
>> init_our_library(), PQinitSSL(0) and then do a few lines of SSL init stuff.
>
> Seems unusual, but certainly not "nearly impossible". But we're back to
> the discussions around the WSA code - our API provides no really good
> place to do this, so perhaps we should just clearly document how it's
> done and how to work around it?

I'm not so sure that's appropriate in this case. I think the existing
libpq behavior is simply wrong...crypto and ssl are two separate
libraries and PQinitSSL does not expose the necessary detail. This is
going to break apps in isolated but spectacular fashion when they link
to both pq and crypto for different reasons.

Maybe invent a special value to PQinitSSL for ssl only init?

merlin
