Home > mailing lists

Re: SSL over Unix-domain sockets - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: SSL over Unix-domain sockets
Date	January 5, 2008 12:13:53
Msg-id	200801051413.46898.peter_e@gmx.net Whole thread Raw
In response to	Re: SSL over Unix-domain sockets (Bruce Momjian <bruce@momjian.us>)
Responses	Re: SSL over Unix-domain sockets (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

Bruce Momjian wrote:
> Peter Eisentraut wrote:
> > Using the attached patch, SSL will act over Unix-domain sockets.  AFAICT,
> > this just works.  I didn't find a way to sniff a Unix-domain socket,
> > however.
> >
> > How should we proceed with this?
>
> I am confused by the shortness of this patch.  Right now pg_hba.conf
> has:
>
>     # host       DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
>     # hostssl    DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
>     # hostnossl  DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
>
> These are all for TCP connections.  How do we handle 'local' SSL
> connection specification?  Do we want to provide similar functionality
> for local connections?

Here is a patch that implements "localssl" as well.  It is quite simple.  
(Note that the code in hba.c is all copy and paste.)

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/

pgsql-hackers by date:

From: Peter Eisentraut
Date: 05 January 2008, 11:58:43
Subject: Re: [PATCH] pg_hba.conf.sample: mention www.postgresql.org

From: jMartinez
Date: 05 January 2008, 13:02:52
Subject: pg 8.3 Windows installer suggestion

Re: SSL over Unix-domain sockets - Mailing list pgsql-hackers

Previous

Next