On , 28 May 1998, at 07:40:37, Tom Ivar Helbekkmo wrote:
> > I'm rewriting my SSL for patch so it's a little less messy, [...]
>
> Does this mean that you're adding a facility for an encrypted data
> stream between server and clients? If so, great! Are you adding this
> in such a way that other mechanisms than SSL can be facilitated? I'd
> like to take a shot at adding Kerberos IV encryption to your model...
Once the patch is rewritten, yes, all fe/be communication will take
place in two functions, pq_read and pq_write. It'll take a little
more to make it completely modularized (once bruce removes the exec()
it will make things much better -- as it is the SSL connection must be
renegotiated at that point) but I think it is worth the effort. I may
go as far as to allow pluggable transport mechanisms and
authentication.
It's a work in progress. The info page is at
http://www.chicken.org/pgsql/ssl/
It details some of the changes I plan to make, as well as a short
description of the patch and how I feel about the fe/be communication.
However, it is probably poorly written, so I should probably change
that.
I warn against using it at this point -- libpq is the only interface
guarunteed to work, which means no perl interface without some ugly
hacking. This will change.