Re: PQinitSSL broken in some use casesf

Andrew Chernow wrote:
> 
> > On Tue, Feb 10, 2009 at 5:02 PM, Bruce Momjian <bruce@momjian.us> wrote:
> >> PQinitSSL(false) initializes crypto?  Please point me to exact function
> >> calls that are the problem?  Everything is very vague.
> 
> File: src/interfaces/libpq/fe-secure.c
> Func: init_ssl_system
> Line: 823
> 
> Starting at around line 853, this function prepares a lock array for 
> CRYPTO_set_locking_callback.  This function is not part of libssl, its 
> part of libcrypto.  It also calls CRYPTO_set_id_callback.  The rest of 
> that function appears to only make libssl calls.
> 
> There should be an "if (pq_initcryptolib)" around those libcrypto calls, 
> serving the same purpose as the pq_initssllib variable.

Why not just call PQinitSSL(true) and do everything in your
application?;  from the libpq manual:
  If you are using <acronym>SSL</> inside your application (in addition  to inside <application>libpq</application>),
youcan use  <function>PQinitSSL(int)</> to tell <application>libpq</application>  that the <acronym>SSL</> library has
alreadybeen initialized by your  application.
 

Actually, that wording doesn't say what the parameter means so I updated
the documentation:
    If you are using <acronym>SSL</> inside your application (in addition
!    to inside <application>libpq</application>), you can call
!    <function>PQinitSSL(int)</> with <literal>0</> to tell
!    <application>libpq</application> that the <acronym>SSL</> library
!    has already been initialized by your application.

--  Bruce Momjian  <bruce@momjian.us>        http://momjian.us EnterpriseDB
http://enterprisedb.com
 + If your life is a hard drive, Christ can be your backup. +