Re: [PATCH v10] GSSAPI encryption support
Robbie Harwood <rharwood@redhat.com>
From: Robbie Harwood <rharwood@redhat.com>
To: pgsql-hackers@postgresql.org
Date: 2016-04-01T03:31:33Z
Lists: pgsql-hackers
Attachments
- v10-0001-Move-common-GSSAPI-code-into-its-own-files.patch (text/x-diff) patch v10-0001
- v10-0002-Connection-encryption-support-for-GSSAPI.patch (text/x-diff) patch v10-0002
- v10-0003-GSSAPI-authentication-cleanup.patch (text/x-diff) patch v10-0003
Hello friends, Here is another version of GSSAPI encryption support, both on this email and on my github: https://github.com/frozencemetery/postgres/tree/feature/gssencrypt10 This version is intended to address Michael's review: - Fixed Windows build. Thanks to Michael for patches. - Fixed buffering of large replies on the serverside. This should fix the traceback that was being seen. The issue had to do with the difference between the server and client calling conventions for the _read and _write functions. - gss_enc_require renamed to gss_require_encrypt. Slightly longer, but half the stomach churn. - Move gss_encrypt out of the GUCs and into connection-specific logic. Thanks to Tom Lane for pointing me in the right direction here. - Replace writev() with two calls to _raw_write(). I'm not attached to this design; if someone has a preference for allocating a buffer and making a single write from that, I could be persuaded. I don't know what the performance tradeoffs are. - Typo fixes. I need to figure out spellchecking in my editor. - More use of <acronym>. - Change _should_crypto() functions to return bool. Also rename them to be the _should_encrypt functions. - Error message cleanup. Thanks!
Commits
-
GSSAPI encryption support
- b0b39f72b990 12.0 landed
-
Fix typo
- 57c932475504 9.6.0 cited