Re: OpenSSL key renegotiation with patched openssl
From | Dave Cramer |
---|---|
Subject | Re: OpenSSL key renegotiation with patched openssl |
Date | |
Msg-id | 491f66a50911300843g1372208ct83df67f24c09983@mail.gmail.com |
In reply to | Re: OpenSSL key renegotiation with patched openssl (Tom Lane <tgl@sss.pgh.pa.us>) |
List | pgsql-hackers |

On Fri, Nov 27, 2009 at 4:58 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:

> Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> writes:
>> Tom Lane wrote:
>>> The discussion I saw suggested that you need such a patch at both ends.
>
>> and likely requires a restart of both postgresql and slony afterwards...
>
> Actually, after looking through the available info about this:
> https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
> I think my comment above is wrong. It is useful to patch the
> *server*-side library to reject a renegotiation request. Applying that
> patch on the client side, however, is useless and simply breaks things.
>
> regards, tom lane

I've looked at the available patches for openssl, and so far can only see that ssl3_renegotiate returns 0 if a renegotiation is requested, which would cause pg to throw an error.

Is there another patch that fixes this? I would have expected openssl to simply ignore this request if renegotiation is removed from the library?

Dave