1
0
mirror of https://github.com/postgres/postgres.git synced 2025-07-30 11:03:19 +03:00

Add PQinitOpenSSL() function to support applications that use libcrypto

but not OpenSSL (or perhaps vice versa, if that's possible).

Andrew Chernow, with minor editorialization by me.
This commit is contained in:
Tom Lane
2009-03-31 01:41:27 +00:00
parent c9aa8a62c0
commit 97503a5200
4 changed files with 145 additions and 53 deletions

View File

@ -1,4 +1,4 @@
<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.280 2009/03/28 01:36:11 momjian Exp $ -->
<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.281 2009/03/31 01:41:27 tgl Exp $ -->
<chapter id="libpq">
<title><application>libpq</application> - C Library</title>
@ -63,7 +63,7 @@
The <function>PQstatus</> function should be called to check
whether a connection was successfully made before queries are sent
via the connection object.
<note>
<para>
On Windows, there is a way to improve performance if a single
@ -6168,20 +6168,6 @@ myEventProc(PGEventId evtId, void *evtInfo, void *passThrough)
environment variables <envar>PGSSLCERT</> and <envar>PGSSLKEY</>.
</para>
<para>
If your application initializes <literal>libssl</> or
<literal>libcrypto</> libraries and <application>libpq</application>
is built with <acronym>SSL</> support, you should call
<function>PQinitSSL(0)</> to tell <application>libpq</application>
that the <literal>libssl</> and <literal>libcrypto</> libraries
have been initialized by your application so
<application>libpq</application> will not initialize those libraries.
<!-- If this URL changes replace it with a URL to www.archive.org. -->
See <ulink
url="http://h71000.www7.hp.com/doc/83final/BA554_90007/ch04.html"></ulink>
for details on the SSL API.
</para>
<table id="libpq-ssl-file-usage">
<title>Libpq/Client SSL File Usage</title>
<tgroup cols="3">
@ -6225,6 +6211,93 @@ myEventProc(PGEventId evtId, void *evtInfo, void *passThrough)
</tgroup>
</table>
<para>
If your application initializes <literal>libssl</> and/or
<literal>libcrypto</> libraries and <application>libpq</application>
is built with <acronym>SSL</> support, you should call
<function>PQinitOpenSSL</> to tell <application>libpq</application>
that the <literal>libssl</> and/or <literal>libcrypto</> libraries
have been initialized by your application, so that
<application>libpq</application> will not also initialize those libraries.
<!-- If this URL changes replace it with a URL to www.archive.org. -->
See <ulink
url="http://h71000.www7.hp.com/doc/83final/BA554_90007/ch04.html"></ulink>
for details on the SSL API.
</para>
<para>
<variablelist>
<varlistentry>
<term>
<function>PQinitOpenSSL</function>
<indexterm>
<primary>PQinitOpenSSL</primary>
</indexterm>
</term>
<listitem>
<para>
Allows applications to select which security libraries to initialize.
<synopsis>
void PQinitOpenSSL(int do_ssl, init do_crypto);
</synopsis>
</para>
<para>
When <parameter>do_ssl</> is non-zero, <application>libpq</application>
will initialize the <application>OpenSSL</> library before first
opening a database connection. When <parameter>do_crypto</> is
non-zero, the <literal>libcrypto</> library will be initialized. By
default (if <function>PQinitOpenSSL</> is not called), both libraries
are initialized. When SSL support is not compiled in, this function is
present but does nothing.
</para>
<para>
If your application uses and initializes either <application>OpenSSL</>
or its underlying <literal>libcrypto</> library, you <emphasis>must</>
call this function with zeroes for the appropriate parameter(s)
before first opening a database connection. Also be sure that you
have done that initialization before opening a database connection.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<function>PQinitSSL</function>
<indexterm>
<primary>PQinitSSL</primary>
</indexterm>
</term>
<listitem>
<para>
Allows applications to select which security libraries to initialize.
<synopsis>
void PQinitSSL(int do_ssl);
</synopsis>
</para>
<para>
This function is equivalent to
<literal>PQinitOpenSSL(do_ssl, do_ssl)</>.
It is sufficient for applications that initialize both or neither
of <application>OpenSSL</> and <literal>libcrypto</>.
</para>
<para>
<function>PQinitSSL</> has been present since
<productname>PostgreSQL</> 8.0, while <function>PQinitOpenSSL</>
was added in <productname>PostgreSQL</> 8.4, so <function>PQinitSSL</>
might be preferable for applications that need to work with older
versions of <application>libpq</application>.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</sect1>