Re: Recent vendor SSL renegotiation patches break PostgreSQL

Bruce Momjian <bruce@momjian.us>

From: Bruce Momjian <bruce@momjian.us>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Chris Campbell <chris_campbell@mac.com>, Robert Haas <robertmhaas@gmail.com>, pgsql-hackers@postgresql.org
Date: 2010-02-20T17:46:38Z
Lists: pgsql-hackers
Tom Lane wrote:
> Chris Campbell <chris_campbell@mac.com> writes:
> > Is there a way to detect when the SSL library has renegotiation disabled?
> 
> Probably not.  The current set of emergency security patches would
> certainly not have exposed any new API that would help us tell this :-(
> 
> If said patches were done properly they'd have also turned an
> application-level renegotiation request into a no-op, instead of
> breaking apps by making it fail --- but apparently they were not done
> properly.

Is there anything remaining to do on this issue?

-- 
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com
  PG East:  http://www.enterprisedb.com/community/nav-pg-east-2010.do
  + If your life is a hard drive, Christ can be your backup. +