Re: PQinitSSL broken in some use casesf

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Bruce Momjian <bruce(at)momjian(dot)us>, Merlin Moncure <mmoncure(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PQinitSSL broken in some use casesf
Date: 2009-03-29 02:29:32
Message-ID: 603c8f070903281929u5a81c458v2a1659a2d44b489b@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Sat, Mar 28, 2009 at 3:51 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Bruce Momjian <bruce(at)momjian(dot)us> writes:
>> Well, we are not the "Make Merlin Happy club".  ;-)
>
> Merlin and Andrew were the ones complaining initially.  If they feel
> that a proposed patch doesn't fix the problem, then I'd say that it
> isn't fixing the problem.

+1.

>> My personal opinion is that adding #defines to PQinitSSL() is the right
>> level of fix, and if we ever implement a libpq init mechanism we can
>> convert PGinitSSL to a macro. I am attaching a sample patch for
>> feedback.
>
> This is just a rehash of one of the patches that was discussed earlier.
> There wasn't consensus for it then, and there's not now.

OK, I read this patch. Wazzamatterwithit?

AIUI, we need to define an API that allows libssl and libcrypto to be
initialized or not initialized in any combination. We can do this by
modifying the meaning of the argument to PQinitSSL(), by adding a new
API function, by creating some more general initialization function,
or by some other method. It doesn't REALLY matter. I think I'm
personally of the opinion that PQinitSSL(int) should be left alone and
we should define PQinitSSLCrypto(int, int), just to avoid the
possibility of difficult-to-debug backward-compatibility problems, but
the number of people calling PQinitSSL(2) in existing applications is
doubtless vanishingly small, because there is probably no reason to
call it with a non-constant argument, so who is going to pick 2 rather
than 1? So if someone has some sort of principled objection to adding
a new API call, then let's just modify the behavior of the existing
call instead and move on.

Is there more substance here than meets the eye?

...Robert

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2009-03-29 02:31:29 Re: psql \d* and system objects
Previous Message Bruce Momjian 2009-03-28 23:41:32 Re: Unsupported effective_io_concurrency platforms