On Thu, Nov 05, 2009 at 08:48:47AM +0100, Raimon Fernandez wrote:
> Where can I find the steps to start an SSL connection with PostgreSQL ?
>
> The config files, certificates, etc. etc. must follow the same rules for
> the libpq specification ?
You follow the conventions of whatever SSL library you use.
>> heck, you have to be a glutton to want to use libssl from openssl...
>> there's something like 158 APIs and very little documentation on how
>> to properly use them
>
> Do you mean there's no 'easy' way to start-up an SSL connection from a
> TCP/IP socket to postgresql ????
Sure, open up the documentation for the SSL library you want to use and
find the function that lets you pass an open file descriptor. This
function will handle the SSL startup for you and give you a handle for
further communication.
Personally I find the GnuTLS API to be much saner than openssl, in
which case you just do:

    gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) FileDescriptor);

    /* Perform the TLS handshake */
    ret = gnutls_handshake (session);

See this example:
http://www.gnu.org/software/gnutls/manual/html_node/Simple-client-example-with-anonymous-authentication.html#Simple-client-example-with-anonymous-authentication
Hope this helps,
--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/
> Please line up in a tree and maintain the heap invariant while
> boarding. Thank you for flying nlogn airlines.
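
Added example, not part of the original message and not libpq or GnuTLS code: before the descriptor is handed to a TLS library as described above, the PostgreSQL frontend/backend protocol has the client send a cleartext SSLRequest packet and read a one-byte answer ('S' to proceed with the handshake, 'N' if the server refuses). The function names here are hypothetical; the check also rejects any bytes that arrive alongside that single answer byte, since they were received before the handshake and are unauthenticated.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* SSLRequest: Int32 length (8) followed by Int32 request code 80877103,
   both big-endian, sent in cleartext before any TLS bytes. */
#define PG_SSLREQUEST_LEN  8u
#define PG_SSLREQUEST_CODE 80877103u   /* (1234 << 16) | 5679 */

enum pg_ssl_reply { PG_SSL_ACCEPTED, PG_SSL_REFUSED, PG_SSL_INCOMPLETE, PG_SSL_INVALID };

static void put_be32(unsigned char *p, uint32_t v)
{
    p[0] = (unsigned char)(v >> 24);
    p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);
    p[3] = (unsigned char)v;
}

/* Write the SSLRequest into buf; returns bytes written, or 0 if buf is too small. */
size_t pg_build_sslrequest(unsigned char *buf, size_t cap)
{
    if (cap < PG_SSLREQUEST_LEN)
        return 0;
    put_be32(buf, PG_SSLREQUEST_LEN);
    put_be32(buf + 4, PG_SSLREQUEST_CODE);
    return PG_SSLREQUEST_LEN;
}

/* Classify everything received after sending SSLRequest and before the TLS
   handshake. Exactly one byte is expected; extra bytes, or any other byte
   (for example the start of an error message), mean the handshake must not start. */
enum pg_ssl_reply pg_check_ssl_reply(const unsigned char *data, size_t n)
{
    if (n == 0) return PG_SSL_INCOMPLETE;
    if (n > 1)  return PG_SSL_INVALID;
    if (data[0] == 'S') return PG_SSL_ACCEPTED;   /* now call the TLS handshake */
    if (data[0] == 'N') return PG_SSL_REFUSED;    /* server will not do SSL */
    return PG_SSL_INVALID;
}

int main(void)
{
    unsigned char pkt[PG_SSLREQUEST_LEN];
    size_t n = pg_build_sslrequest(pkt, sizeof pkt);
    for (size_t i = 0; i < n; i++)
        printf("%02x ", pkt[i]);
    printf("\n");
    return 0;
}
```

Only on PG_SSL_ACCEPTED should the descriptor be passed to the TLS library; treating PG_SSL_REFUSED as permission to continue in cleartext is a policy decision the client has to make explicitly.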