[PATCH] Add support for GnuTLS
From | Martijn van Oosterhout |
---|---|
Subject | [PATCH] Add support for GnuTLS |
Date | |
Msg-id | 20060504134807.GK4752@svana.org |
Responses |
Re: [PATCH] Add support for GnuTLS
Re: [PATCH] Add support for GnuTLS |
List | pgsql-patches |
This patch does the following:

- Provide GnuTLS support beside OpenSSL in both the frontend and backend.
  Which is used is decided by the configure options --with-openssl and
  --with-gnutls. They are mutually exclusive.

- When psql starts up the message has been altered to include details
  about the library. For example either of:

  SSL connection established: GnuTLS (version 1.0.16), encryption DHE_RSA_AES_256_CBC_SHA
  SSL connection established: OpenSSL (version OpenSSL 0.9.7e 25 Oct 2004), encryption DHE-RSA-AES256-SHA

- psql is now SSL library agnostic. It can display the above info whether
  or not the SSL library was available at compile time. All that matters
  is what the libpq library was compiled against.

- Provides a new function in libpq called PQgettlsinfo(). This returns a
  resultset containing the most useful details of the SSL connection, if
  any.

- A new command has been added to psql, \ssl, which displays all the
  information available via PQgettlsinfo().

- Provides a new function in libpq called PQsetPassthrough(). Once this
  function has been called on an idle connection, its state changes to
  CONNECTION_PASSTHROUGH. The usual query functions PQsend*, PQexec*,
  PQconsumeinput and others are blocked. All further communication must be
  by the user via the send/receive functions given. The only way to undo
  this is via PQreset or PQfinish.

Backward compatibility issues:

- Applications using libpq to establish the connection and then
  reading/writing the socket directly may have unexpected results if the
  client is compiled against GnuTLS. The prior versions of libpq provided
  no way of identifying the SSL library in use. However, they will *not*
  crash.

These applications have two options. They can use the new PQgettlsinfo()
to determine which library libpq is using. They can then elect to disable
SSL support via the sslmode option to avoid the issue.

Alternately, they can use the new PQsetPassthrough() function to retrieve
the necessary information to communicate directly. In the latter case,
the application does not need to check the library in use, libpq will
work transparently for all possibilities.

Documentation will be provided assuming the above is considered
satisfactory for inclusion without major changes.

The attached diff does not include the diff of "configure" because I'm
evidently running a different version and the result was 200KB of useless
stuff. The full patch is available here:

http://svana.org/kleptog/temp/gnutls.patch

Just running autoconf on the local machine should also work.

Have a nice day,
--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to litigate.