From: | Andrew Chernow <ac(at)esilo(dot)com> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Merlin Moncure <mmoncure(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: PQinitSSL broken in some use casesf |
Date: | 2009-02-13 18:33:41 |
Message-ID: | 4995BD05.5080900@esilo.com |
Lists: | pgsql-hackers |
Andrew Chernow wrote:
> Robert Haas wrote:
>> On Fri, Feb 13, 2009 at 12:06 PM, Andrew Chernow <ac(at)esilo(dot)com> wrote:
>>> Patch attached.
>>>
>>> One thing I noticed is the ssl_open_connections variable is ref counting
>>> connections when pq_initssllib is true. But, it now only affects crypto
>>> library init and cleanup calls. Point is, ref counting is only needed if
>>> pq_initcryptolib is true and it should be renamed to
>>> crypto_open_connections. I didn't do this in the patch. It's the same old
>>> name and the counter is incremented if pq_initssllib or pq_initcryptolib is
>>> true. Please advise.
>>
>> I'll review this in more detail when I have a chance, but it certainly
>> won't be committable without doc changes, and it's probably best if
>> you write those and include them in the patch.
>>
One problem with this patch is that a libpq app using PQinitSSL(0) is
under the assumption that this shuts off ssl init and crypto init. That
app might be doing its own crypto init which would be overwritten by
libpq because the app is unaware of PQinitCrypto (if and when it
eventually links with 8.4 libpq). This feels like a very uncommon
situation, but a possible gotcha.
--
Andrew Chernow
eSilo, LLC
every bit counts
http://www.esilo.com/
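
The gotcha described in this message, as an added C model that is not libpq source and not part of the attached patch. Only the flag and counter names come from the thread; the single callback slot standing in for OpenSSL's process-wide locking callback, every `model_*` name, and the install/teardown timing are assumptions.

```c
/* Added model, not libpq source. One function-pointer slot stands in for
   OpenSSL's process-wide locking callback; model_* names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef void (*lock_cb)(void);
static lock_cb crypto_lock_cb = NULL;   /* one slot per process */
static void app_lock(void) {}           /* the application's callback */
static void libpq_lock(void) {}         /* the callback libpq installs */

/* Flag and counter names as used in the thread; both flags default to on. */
static bool pq_initssllib = true, pq_initcryptolib = true;
static int ssl_open_connections = 0;

static void model_reset(void) {
    crypto_lock_cb = NULL;
    pq_initssllib = pq_initcryptolib = true;
    ssl_open_connections = 0;
}
static void model_PQinitSSL(int do_init)    { pq_initssllib = (do_init != 0); }
static void model_PQinitCrypto(int do_init) { pq_initcryptolib = (do_init != 0); }

/* Open: counted if either flag is set; the first counted open installs
   libpq's callback when crypto init is on (assumed timing). */
static void model_open(void) {
    if (!(pq_initssllib || pq_initcryptolib)) return;
    if (pq_initcryptolib && ssl_open_connections == 0) crypto_lock_cb = libpq_lock;
    ssl_open_connections++;
}
/* Close: the last counted close clears the slot when crypto init is on. */
static void model_close(void) {
    if (ssl_open_connections > 0 && --ssl_open_connections == 0 && pq_initcryptolib)
        crypto_lock_cb = NULL;
}

/* App installs its own callback and calls PQinitSSL(0); returns true if that
   callback is still in place during and after one connection's lifetime. */
static bool app_callback_survives(bool app_calls_PQinitCrypto) {
    model_reset();
    crypto_lock_cb = app_lock;
    model_PQinitSSL(0);
    if (app_calls_PQinitCrypto) model_PQinitCrypto(0);
    model_open();
    bool kept_while_open = (crypto_lock_cb == app_lock);
    model_close();
    return kept_while_open && crypto_lock_cb == app_lock;
}

int main(void) {
    printf("PQinitSSL(0) only: %s\n", app_callback_survives(false) ? "kept" : "overwritten");
    printf("plus PQinitCrypto(0): %s\n", app_callback_survives(true) ? "kept" : "overwritten");
    return 0;
}
```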