Thread

  1. ssl implementation questions

    Brett McCormick <brett@work.chicken.org> — 1998-04-26T07:16:42Z

    i've a few questions for my ssl patch:
    
    the way i've implemented ssl is by having a structure called PGcomm
    which replaces the pair of Pfdebug/Pfin/Pfout.  this structure
    contains those values as well as the SSL state stuff (context * and
    connection *).  All functions which use(d) Pfin/Pfout/Pfdebug, either
    as an argument or an extern variable, were modified to use this
    structure.  Does this seem appropriate?
    
    Is there any value to having an OO like approach to the fe/be
    communication API.  So that other transport mechanisms/protocols can
    be loaded in at will.  Something other than the kludgish way I've got
    #ifdef POSTGRESQL_SSL.
    
    Would it be good to make positive (IMHO of course) changes to postgres
    that make it easier for things like this to be done?  It would also
    allow my patch to be a lot cleaner, which is important.  It would also
    eliminate the need for me to patch every fwrite/fread that gets added
    to the code.
    
    Also, why does it exec() instead of just setting some variables and
    calling the function that ends up getting run anyway?  That would
    eliminate the SSL data from getting destroyed and keeping it from
    having to renegotiate the SSL connection.
    
    --brett
    http://www.chicken.org/pgsql/ssl/