| From: | Dave Page <dpage(at)postgresql(dot)org> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: OpenSSL Applink |
| Date: | 2007-09-28 21:00:59 |
| Message-ID: | 46FD6B8B.8040308@postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
Magnus Hagander wrote:
> Dave Page wrote:
>> Dave Page wrote:
>>> Dave Page wrote:
>>>> I did stumble across this text on a mailing list in response to someone
>>>> with a similar problem in some JNI code. I know little of the OpenSSL
>>>> API, but perhaps it rings bells with you before I spend my evening
>>>> trying to figure it out?
>>> OK, I think I've figured out a fix. Working up a patch now...
>> Patch attached.
>
> (sorry, been offline for the day)
>
> Is there any reason not to just do this on *all* platforms, and get rid
> of all the #ifdefs?
Yes, (see the comment in the code). We stat the private key on *nix to
ensure it hasn't changed underneath us which can't be done using the BIO
functions... though I wonder if we can get the FILE pointer from BIO and
do it that way. Should be as safe on *nix as what we currently do.
> I wonder if it might be related to our socket/signal emulation stuff.
> I'd be interested to see what happens with the same code on Unix, but
> sorry, don't have time to test myself - will be offline again tomorrow :-(
NP.
/D
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2007-09-28 21:04:27 | TCL fix in HEAD |
| Previous Message | Magnus Hagander | 2007-09-28 20:48:59 | Re: OpenSSL Applink |