Re: BUG #4869: No proper initialization of OpenSSL-Engine in libpq

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Lars Kanis <kanis(at)comcard(dot)de>, Magnus Hagander <magnus(at)hagander(dot)net>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #4869: No proper initialization of OpenSSL-Engine in libpq
Date: 2009-06-22 15:46:22
Message-ID: 18926.1245685582@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

Lars Kanis <kanis(at)comcard(dot)de> writes:
> Am Montag, 22. Juni 2009 16:38:32 schrieben Sie:
>> Tom Lane wrote:
>>> IIUC this is a pre-existing bug/limitation in an extremely seldom-used
>>> feature that we don't have any very good way to test. So I'm not really
>>> excited about trying to fix it in RC at all. The chances of breaking
>>> something seem much higher than the usefulness of the fix would warrant.

>> I think we'll see this feature used a lot more now, since we support
>> client certificate authentication. I bet that's the reason why Lars is
>> using it now, but wasn't using it before. Correct, Lars?

> That's right. Because clientside crypto engines and proper certificate
> authentication is supported now, I would like to use a strong smartcard-based
> login in our high security environment.

OK, but I'm still worried about making a change of this sort (ie,
modifying our interface to code that we don't control) so late in the
release cycle. It seems like there is large potential for failure in
contexts other than the one or two you are going to be able to test
right now. Is there anything that can be done to reduce the risk?

regards, tom lane

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Tom Lane 2009-06-22 16:05:12 Re: BUG #4869: No proper initialization of OpenSSL-Engine in libpq
Previous Message Lars Kanis 2009-06-22 15:03:54 Re: BUG #4869: No proper initialization of OpenSSL-Engine in libpq