Re: Supporting Windows SChannel as OpenSSL replacement

Heikki Linnakangas <hlinnakangas@vmware.com>

From: Heikki Linnakangas <hlinnakangas@vmware.com>
To: Andreas Karlsson <andreas@proxel.se>, Jeff Janes <jeff.janes@gmail.com>
Cc: Martijn van Oosterhout <kleptog@svana.org>, Magnus Hagander <magnus@hagander.net>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2014-08-07T11:47:15Z
Lists: pgsql-hackers

Attachments

Here's a new version of the refactoring patch. I've fixed the issues 
reported so far.

Upon looking closer at the SIGPIPE stuff in libpq, I realized that we 
can remove this line from fe-secure-openssl.c:

> -               /* We cannot use MSG_NOSIGNAL to block SIGPIPE when using SSL */
> -               conn->sigpipe_flag = false;

That's because all the I/O now goes through our wrapper functions that 
do the send/recv, and will use MSG_NOSIGNAL if it's available. That 
avoids two syscalls per send. I haven't measured the performance impact 
of that - it's probably negligible compared to doing encryption - but 
it's still nice to avoid it.

This patch is just refactoring of existing code. It doesn't have any 
user-visible changes; the libpq functions that expose OpenSSL stuff are 
still intact. Doing something about those are the next phase of this 
project.

Please review. I think this is in a good shape, ready for commit.

- Heikki