Re: PQinitSSL broken in some use casesf
From | Merlin Moncure |
---|---|
Subject | Re: PQinitSSL broken in some use casesf |
Date | |
Msg-id | b42b73150903280623i15412a19v105bbbd58efd3caf@mail.gmail.com |
In response to | Re: PQinitSSL broken in some use casesf (Bruce Momjian <bruce@momjian.us>) |
Responses | Re: PQinitSSL broken in some use casesf, Re: PQinitSSL broken in some use casesf |
List | pgsql-hackers |

On Fri, Mar 27, 2009 at 9:38 PM, Bruce Momjian <bruce@momjian.us> wrote:
> I have applied the attached patch which does several things:
>
> o documents that libssl _and_ libcrypto initialization is
>   turned off by PQinitSSL(0)
> o clarified cases where this behavior is important
> o added comments that the CRYPTO_set_* calls reference
>   libcrypto, not libssl
>
> I think we can now say that the current behavior is not a bug because it
> is documented, even though the PQinitSSL() function name is inaccurate.

It is still a bug in the sense that it is impossible to properly initialize crypto features in some scenarios. A doc patch (which I argued is the best way to go for 8.4) fails to properly raise the seriousness of the issue and also fails to suggest a workaround.

I think a proper way to document this issue would be something like this:

"
If your application initializes libcrypto, but not libssl, you must not call PQinitSSL(1) because it will overwrite your libcrypto initialization. In order to safely use libpq in your application, you must include ssl headers and call the following functions:

    #include <openssl/ssl.h>
    #include <openssl/conf.h>

    OPENSSL_config(NULL);
    SSL_library_init();
    SSL_load_error_strings();
    PQinitSSL(0);

In order to initialize libpq properly for SSL connections.
"

> I think there is a good argument that PQinitSSL(X) where X > 1 would
> work fine for more fine-grained control. The new libpq init function
> idea was interesting, but having a documented solution for
> WSAStartup()/WSACleanup() usage, we now don't have another libpq init
> use-case so it is hard to suggest a new libpq function.

This feature when discussed at the time was not enough _by itself_ to support a PQinit feature (I agree with this reasoning), but surely should be considered as valid supporting evidence that a library initialization feature is useful. IOW, the whole of the argument is equal to the sum of its parts.

(yes, we have an agenda here: we were not happy that our events patch could not establish behavior at library initialization time).

merlin