SSL code fixed

Because the new 7.3 SSL code doesn't work (per Peter), and the author is
not responding, I am about to yank out that code. Peter suggests
ripping out all the new code rather than try to pick around and remove
just the broken parts.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073

Bruce Momjian wrote:
>
> Because the new 7.3 SSL code doesn't work (per Peter), and the author is
> not responding, I am about to yank out that code. Peter suggests
> ripping out all the new code rather than try to pick around and remove
> just the broken parts.

Agreed. I allways wondered what SSL DB-connections are good for.

Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being
right. #
# Let's break this rule - forgive
me. #
#==================================================
JanWieck(at)Yahoo(dot)com #

Jan Wieck wrote:
> Bruce Momjian wrote:
> >
> > Because the new 7.3 SSL code doesn't work (per Peter), and the author is
> > not responding, I am about to yank out that code. Peter suggests
> > ripping out all the new code rather than try to pick around and remove
> > just the broken parts.
>
> Agreed. I allways wondered what SSL DB-connections are good for.

I am not going to rip out SSL, just the changes. We do have people who
use SSL quite a bit. Looking at the code, however, I may see an easy
way to allow SSL connections without requiring server certificates. If
that is doable, I may just make that change and let the rest of the code
stay.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073

Jan Wieck wrote:
> Bruce Momjian wrote:
> >
> > Because the new 7.3 SSL code doesn't work (per Peter), and the author is
> > not responding, I am about to yank out that code. Peter suggests
> > ripping out all the new code rather than try to pick around and remove
> > just the broken parts.
>
> Agreed. I allways wondered what SSL DB-connections are good for.

I am now in email contact with Bear and he is assisting me in disabling
all certificates for 7.3. The code will be marked as NOT_USED and can
therefore be enables in later relases. He wants to get back this.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073

Jan Wieck wrote:
> Bruce Momjian wrote:
> >
> > Because the new 7.3 SSL code doesn't work (per Peter), and the author is
> > not responding, I am about to yank out that code. Peter suggests
> > ripping out all the new code rather than try to pick around and remove
> > just the broken parts.
>
> Agreed. I allways wondered what SSL DB-connections are good for.

OK, I have aplied the following patch to allow SSL to work without
client certificates. There was some confusion in the code because while
the comments said client certificates were not required, the
infrastructure on the client side was required. This patch removes the
requirement, and adds a comment so Bear can make adjustments for 7.4. I
don't think we ever want to _require_ client-side certificates.

I did not remove the code because after quick review I saw that his code
actually filled in areas our pre-7.3 code was missing. I will have him
review this patch and make any adjustments.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073