Re: BUG #4340: SECURITY: Is SSL Doing Anything?

Magnus Hagander wrote:
> Tom Lane wrote:
> > Magnus Hagander <magnus(at)hagander(dot)net> writes:
> >> The code is there, actually, it's just #ifdef NOT_USED :-) From a *long*
> >> time ago, and the commit message just says "silence compiler warnings",
> >> so I've not managed to figure out why...
> >
> > I think the commit you're looking for is this one:
> >
> > 2002-09-26 00:41 momjian
> >
> > * doc/src/sgml/runtime.sgml, src/backend/libpq/be-secure.c,
> > src/interfaces/libpq/fe-secure.c: Allow SSL to work withouth
> > client-side certificate infrastructure.
> >
> > so you'd probably need to root around in the archives from around then
> > to see why this was considered a good idea.
>
> No, that's not the one. It's the one after that one, at:
>
> http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/interfaces/libpq/fe-secure.c.diff?r1=1.14;r2=1.15
>
> In general, that code needs a look-over, I think. There may be more
> changes required.

I found the reason for the patch; the SSL guy at that time, "Bear",
disappeared, and our code required SSL certificates at that point, so I
removed the requrement:

http://archives.postgresql.org/pgsql-hackers/2002-09/msg01522.php

I will work with Magnus on cleaning this up.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +