Re: PQinitSSL broken in some use casesf

Magnus Hagander wrote:
> Merlin Moncure wrote:
> > On Tue, Feb 10, 2009 at 9:32 AM, Magnus Hagander <magnus@hagander.net> wrote:
> >>> How we worked around it:
> >>> We solved it by copying the SSL init sequence from fe-secure.c.  Doesn't
> >>> seem like something that would change very often.  So we
> >>> init_our_library(), PQinitSSL(0) and then do a few lines of SSL init stuff.
> >> Seems unusual, but certainly not "nearly impossible". But we're back to
> >> the discussions around the WSA code - our API provides no really good
> >> place to do this, so perhaps we should just clearly document how it's
> >> done and how to work around it?
> > 
> > I'm not so sure that's appropriate in this case.  I think the existing
> > libpq behavior is simply wrong...crypto and ssl are two separate
> > libraries and PQinitSSL does not expose the necessary detail.  This is
> > going to break apps in isolated but spectacular fashion when they link
> > to both pq and crypto for different reasons.
> 
> They could, but nobody has reported it yet, so it's not a common scenario.

Agreed.

Would someone remind me why turning off ssl initialization in libpq does
not work for this case?

--  Bruce Momjian  <bruce@momjian.us>        http://momjian.us EnterpriseDB
http://enterprisedb.com
 + If your life is a hard drive, Christ can be your backup. +