database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-06-30 21:42:05 +03:00
Code Activity
Files
b05ce7550c857b4810eca4aa00b77778ffcfe86a
postgres/src/backend/libpq
History
Tom Lane 383c7ce42b Use OpenSSL's SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag. 
This disables an entirely unnecessary "sanity check" that causes failures
in nonblocking mode, because OpenSSL complains if we move or compact the
write buffer.  The only actual requirement is that we not modify pending
data once we've attempted to send it, which we don't.  Per testing and
research by Martin Pihlak, though this fix is a lot simpler than his patch.

I put the same change into the backend, although it's less clear whether
it's necessary there.  We do use nonblock mode in some situations in
streaming replication, so seems best to keep the same behavior in the
backend as in libpq.

Back-patch to all supported releases.
2011-07-24 15:18:07 -04:00
..
auth.c
Fix SSPI login when multiple roundtrips are required
2011-07-16 20:02:11 +02:00
be-fsstubs.c
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list
2009-06-11 14:49:15 +00:00
be-secure.c
Use OpenSSL's SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag.
2011-07-24 15:18:07 -04:00
crypt.c
Update copyright for 2009.
2009-01-01 17:24:05 +00:00
hba.c
Complain if pg_hba.conf contains "hostssl" but SSL is disabled.
2011-04-26 15:40:18 -04:00
ip.c
Remove our inadequate kluge that tried to get AIX's various broken versions
2009-06-11 19:00:15 +00:00
Makefile
Refactor backend makefiles to remove lots of duplicate code
2008-02-19 10:30:09 +00:00
md5.c
Update copyright for 2009.
2009-01-01 17:24:05 +00:00
pg_hba.conf.sample
Remove last references to the crypt auth method, per Andreas Scherbaum.
2009-04-01 03:23:50 +00:00
pg_ident.conf.sample
Improve comments in pg_ident.conf.sample.
2009-05-16 20:43:46 +00:00
pqcomm.c
Work around header misdefines in modern Windows SDK when _WIN32_WINNT is less than 0x0501. Only required for versions 8.2, 8.3 and 8.4., as we defined _WIN32_WINNT as 0x0501 after that.
2011-01-04 09:42:04 -05:00
pqformat.c
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list
2009-06-11 14:49:15 +00:00
pqsignal.c
Update copyright for 2009.
2009-01-01 17:24:05 +00:00
README.SSL
Remove large parts of the old SSL readme, that consisted of a couple
2008-10-24 11:48:29 +00:00

README.SSL 

$PostgreSQL: pgsql/src/backend/libpq/README.SSL,v 1.7 2008/10/24 11:48:29 mha Exp $

SSL
===

>From the servers perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup
     




>From the clients perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

---------------------------------------------------------------------------