Home > mailing lists

Re: SSL over Unix-domain sockets - Mailing list pgsql-hackers

From	Bruce Momjian
Subject	Re: SSL over Unix-domain sockets
Date	January 4, 2008 16:18:59
Msg-id	200801041718.m04HIYv16139@momjian.us Whole thread Raw
In response to	SSL over Unix-domain sockets (Peter Eisentraut <peter_e@gmx.net>)
Responses	Re: SSL over Unix-domain sockets (Peter Eisentraut <peter_e@gmx.net>) Re: SSL over Unix-domain sockets (Peter Eisentraut <peter_e@gmx.net>)
List	pgsql-hackers

Tree view

Peter Eisentraut wrote:
> Using the attached patch, SSL will act over Unix-domain sockets.  AFAICT, this 
> just works.  I didn't find a way to sniff a Unix-domain socket, however.
> 
> How should we proceed with this?

I am confused by the shortness of this patch.  Right now pg_hba.conf
has:
# host       DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]# hostssl    DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]#
hostnossl DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]

These are all for TCP connections.  How do we handle 'local' SSL
connection specification?  Do we want to provide similar functionality
for local connections?

--  Bruce Momjian  <bruce@momjian.us>        http://momjian.us EnterpriseDB
http://postgres.enterprisedb.com
 + If your life is a hard drive, Christ can be your backup. +

pgsql-hackers by date:

From: Martijn van Oosterhout
Date: 04 January 2008, 15:36:58
Subject: Re: SSL over Unix-domain sockets

From: Peter Eisentraut
Date: 04 January 2008, 16:38:07
Subject: Re: SSL over Unix-domain sockets

Re: SSL over Unix-domain sockets - Mailing list pgsql-hackers

Previous

Next