Re: Does libpq have SSL functions? - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Does libpq have SSL functions?
Date
Msg-id 200304152204.h3FM4HD12837@candle.pha.pa.us
Whole thread Raw
In response to Does libpq have SSL functions?  (gar8@pitt.edu (Tony Reina))
List pgsql-hackers
Your Pgconn already is SSL encrypted.

---------------------------------------------------------------------------

G. Anthony Reina wrote:
> Thanks for the reply Bruce.
> 
> Yes, I'm aware of the pg_hba.conf setting to require SSL connections, 
> however I was specifically asking if the C library for PostgreSQL had SSL 
> functions built in to relieve me of actually having to write the code for 
> the connections.
> 
> That is, do I specifically have to negotiate the SSL connections in my 
> program (i.e. ssl = SSL_new(ctx); if (SSL_connect(ssl)<=0) ...). Or, will 
> the  "conn = PQsetdb(pghost, pgport, pgoptions, pgtty, dbName); " already 
> setup conn as an SSL connection for me if I specify requiressl?
> 
> I think it is probably the former, but I'd hate to be reinventing the wheel 
> and encrypting an already encrypted connection.
> 
> Thanks.
> -Tony
> 
> 
> 
> --On Tuesday, April 15, 2003 5:19 PM -0400 Bruce Momjian 
> <pgman@candle.pha.pa.us> wrote:r
> 
> >
> > Yes.  Take a look at pg_hba.conf's hostssl option.  That will force SSL
> > for certain hosts.  You can also use 'requiressl' in your libpq
> > connection string.
> >
> > -------------------------------------------------------------------------
> > --
> >
> > Tony Reina wrote:
> >> I'd like to build some SSL functionality into my C functions that
> >> access the PostgreSQL database. My C functions are calling the
> >> routines from libpq. By chance, are there any SSL functions inherent
> >> to libpq for establishing a secure connection to the postmaster?
> >>
> >> I mention this because I noticed in the source code for psql, the c
> >> file startup.c has the following line:
> >>
> >> ssl = PQgetssl(pset.db);
> >>
> >> I didn't seem to find any other SSL references in the /src/bin/psql
> >> directory using grep, but I know that psql can be built with SSL
> >> support so I was hoping to use the code for that as a template.
> >>
> >> Thanks.
> >> -Tony
> 
> 
> 

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073
 



pgsql-hackers by date:

Previous
From: ow
Date:
Subject: Re: Are we losing momentum?
Next
From: Bruce Momjian
Date:
Subject: Re: GLOBAL vs LOCAL temp tables