Re: Supporting Windows SChannel as OpenSSL replacement
Heikki Linnakangas <hlinnakangas@vmware.com>
From: Heikki Linnakangas <hlinnakangas@vmware.com>
To: Andreas Karlsson <andreas@proxel.se>, Jeff Janes <jeff.janes@gmail.com>
Cc: Martijn van Oosterhout <kleptog@svana.org>, Magnus Hagander
<magnus@hagander.net>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2014-08-07T11:47:15Z
Lists: pgsql-hackers
Attachments
- 0001-Invent-a-new-internal-API-for-interfacing-with-SSL-3.patch (text/x-diff) patch 0001
Here's a new version of the refactoring patch. I've fixed the issues reported so far. Upon looking closer at the SIGPIPE stuff in libpq, I realized that we can remove this line from fe-secure-openssl.c: > - /* We cannot use MSG_NOSIGNAL to block SIGPIPE when using SSL */ > - conn->sigpipe_flag = false; That's because all the I/O now goes through our wrapper functions that do the send/recv, and will use MSG_NOSIGNAL if it's available. That avoids two syscalls per send. I haven't measured the performance impact of that - it's probably negligible compared to doing encryption - but it's still nice to avoid it. This patch is just refactoring of existing code. It doesn't have any user-visible changes; the libpq functions that expose OpenSSL stuff are still intact. Doing something about those are the next phase of this project. Please review. I think this is in a good shape, ready for commit. - Heikki