From: | Heikki Linnakangas <heikki(at)enterprisedb(dot)com> |
---|---|
To: | Magnus Hagander <magnus(at)hagander(dot)net> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Dave Page <dpage(at)postgresql(dot)org>, Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-patches(at)postgresql(dot)org |
Subject: | Re: OpenSSL Applink |
Date: | 2007-10-03 17:00:20 |
Message-ID: | 4703CAA4.1010603@enterprisedb.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-patches |
Magnus Hagander wrote:
> Tom Lane wrote:
>> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>>> On Mon, Oct 01, 2007 at 10:51:01AM -0400, Tom Lane wrote:
>>>> I'd vote for backpatching, but only as far as 8.2, seeing that we're
>>>> abandoning the older branches on Windows.
>>> Should we backpatch a version of it to previous versions that does just the
>>> error stack manipulation, or just ignore on the grounds that nobody has
>>> reported the problem there (it's there, but it's a lot more narrow - I know
>>> it's there, but I havent' been able to provoket it due to not knowing
>>> enough about setting up certificate chains and such)
>> That's only a cosmetic problem (wrong error message), right? I'd vote
>> for no backpatch, at least for now --- I'd rather see this change get
>> through beta testing first. Anytime you're fooling with interactions
>> with some other package, the risk of portability issues is high.
>
> Right.
> Applied to HEAD. Will wait for a buildfarm cycle to make sure it doesn't
> kill anything else then try to backport to 8.2 (patch didn't apply
> cleanly to it)
I guess you guys already found a solution that works, but there's yet
another function, "BIO *BIO_new_mem_buf(void *data, int len)", that we
could use. We could open and read the file all by ourselves into memory,
then call BIO_new_mem_buf and pass that to PEM_read_X509. No need to
pass around file pointers, and we could handle any file I/O errors
ourselves. Presumably certificates are never very big, so reading it all
in memory shouldn't be a problem.
BIO_new_mem_buf was introduced in OpenSSL 0.9.7. What versions do we
support?
--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com
From | Date | Subject | |
---|---|---|---|
Next Message | Hiroshi Saito | 2007-10-03 17:15:49 | Re: initdb of regression test failed. |
Previous Message | Tom Lane | 2007-10-03 16:49:38 | Re: Doc update: ALTER SEQUENCE name RENAME TO can be rolled back |