Re: You're on SecurityFocus.com for the cleartext passwords.

Peter Eisentraut <peter_e@gmx.net> writes:
> Tom Lane writes:
>> We already have the ability to work with an externally provided SSL
>> library.

> Does it actually work? Has anybody tried it? Is it documented anywhere?

Picky, picky ;-)

It looks like you compile with USE_SSL (which ought to be listed as an
available option in config.h.in, but isn't; someday it should be a
configure option, perhaps) and then add "-l" to the postmaster switches.
At least "-l" is documented.

There are some interactions between SSL-client-and-non-SSL-server, etc,
which you can read about in the pghackers archives from last year, if
not in the docs.  Also, I thought there was supposed to be a postmaster
option to refuse non-SSL connections, but I don't see it now...

As for whether it works, damifino; I don't have SSL installed here.
I do have a note in my todo list that speculates that the recent changes
for non-blocking connect in libpq may have broken its SSL support, and I
asked the pghackers list about that in January.  But I didn't get around
to looking at it, and no one else picked up on it either.
        regards, tom lane