| From: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: A successor for PQgetssl |
| Date: | 2006-04-17 17:46:22 |
| Message-ID: | 20060417174622.GE19191@svana.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Apr 17, 2006 at 12:24:40PM -0400, Stephen Frost wrote:
> * Martijn van Oosterhout (kleptog(at)svana(dot)org) wrote:
> > Seriously, if people want to do really sophisticated things with the
> > SSL library, they should setup s_tunnel instead. If we wanted to let
>
> I certainly agree with all the rest but I'm just not sure I can agree
> with you here. While s_tunnel is nice it's not always an option and I
> think it *would* be nice to have Postgres support things like CRLs and
> OCSP but more from the server-side of things than the client-side.
CRLs are easy, almost a one line change. I was actually surprised it
wasn't done but I didn't add it because I figured someone had left it
out for a reason.
OCSP is something else. And in any case, you don't need a result of
PQgetssl() to use it since it's a completely seperate part of the
library.
But neither of these are what I considered "sophisticated". I don't
think either of these require any API changes either.
Have a nice day,
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
> tool for doing 5% of the work and then sitting around waiting for someone
> else to do the other 95% so you can sue them.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Martijn van Oosterhout | 2006-04-17 17:48:27 | Re: Parser |
| Previous Message | Tom Lane | 2006-04-17 16:47:13 | Re: Is full_page_writes=off safe in conjunction with PITR? |