| From: | momjian(at)postgresql(dot)org (Bruce Momjian) |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Remove unused function SSL_CTX_set_tmp_dh_callback() from libpq: |
| Date: | 2006-04-27 00:36:34 |
| Message-ID: | 20060427003634.F41F111F624C@postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Log Message:
-----------
Remove unused function SSL_CTX_set_tmp_dh_callback() from libpq:
In the SSL code in libpq it does some processing with DH parameters:
SSL_CTX_set_tmp_dh_callback()
This function is marked as server use only[1], the client always uses
the DH parameters in the server, so all the code in the client dealing
with the DH parameters is useless. This patch removes it.
It's not clear why the code was added in the first place, it's been
there almost since the beginning[2]. At the time there was a suggestion
of merging the front-end and backend SSL code, but looking at the
changes since, that seems unlikely.
As a further example, the s_server program allows you to specify DH
params, but s_client doesn't. In the GnuTLS documentation under
gnutls_dh_params_generate2() it says[3]:
Also note that the DH parameters are only useful to servers. Since
clients use the parameters sent by the server, it's of no use to call
this in client side.
Modified Files:
--------------
pgsql/src/interfaces/libpq:
fe-secure.c (r1.75 -> r1.76)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/interfaces/libpq/fe-secure.c.diff?r1=1.75&r2=1.76)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2006-04-27 00:46:59 | pgsql: If we're going to expose VariableStatData for contrib modules to |
| Previous Message | Bruce Momjian | 2006-04-27 00:33:55 | pgsql: Use schema search path to find the first matching contraint name |