Re: PQinitSSL broken in some use casesf

Merlin Moncure wrote:
> On Tue, Feb 10, 2009 at 9:32 AM, Magnus Hagander <magnus@hagander.net> wrote:
>>> How we worked around it:
>>> We solved it by copying the SSL init sequence from fe-secure.c.  Doesn't
>>> seem like something that would change very often.  So we
>>> init_our_library(), PQinitSSL(0) and then do a few lines of SSL init stuff.
>> Seems unusual, but certainly not "nearly impossible". But we're back to
>> the discussions around the WSA code - our API provides no really good
>> place to do this, so perhaps we should just clearly document how it's
>> done and how to work around it?
> 
> I'm not so sure that's appropriate in this case.  I think the existing
> libpq behavior is simply wrong...crypto and ssl are two separate
> libraries and PQinitSSL does not expose the necessary detail.  This is
> going to break apps in isolated but spectacular fashion when they link
> to both pq and crypto for different reasons.

They could, but nobody has reported it yet, so it's not a common scenario.


> maybe invent a special value to PQinitSSL for ssl only init?

We could do that, I guess. However, if an application passes this in to
an old version of libpq, there is no way to know that it didn't know
about it.

//Magnus