RE: [HACKERS] Re: SSL patch

On Saturday, July 24, 1999 5:37 PM, Tom Lane [SMTP:tgl@sss.pgh.pa.us] wrote:
> I wrote:
> > [ a bunch of stuff ]
> 
> After looking into this morning's patches digest, I see that half of
> this already occurred to you :-).
> 
> I'd still suggest extending the client to fall back to non-SSL if the
> server rejects the connection (unless it is told by the application
> that it must make an SSL connection).  Then there's no compatibility
> problem at all, even for mix-and-match SSL-enabled and not-SSL-enabled
> clients and servers.

That sounds like a good thing to do.

As it is right now, it should work in all combinations except a 6.6 client
compiled with SSL support connecting to a pre-6.6 server. It already
falls-back if the server is 6.6 (without SSL support). And the 6.6 client
compiled without SSL works.

There is not yet a way in the client to specify that SSL connection is
required (it can be specified on the server). I'm planning to put that in,
but I thought it would be good to get the "base code" approved first - which
proved to be a good thing :-)

I'll see if I can wrap something up before I leave on vacation (leaving
pretty soon, be gone about a week). Not sure I'll make it, though. Should I
do this as a patch against what I have now, or keep sending in "the one big
patch"?


//Magnus