Re: Debian readline/libedit breakage - Mailing list pgsql-hackers

From Martijn van Oosterhout
Subject Re: Debian readline/libedit breakage
Date
Msg-id 20110217210917.GA19187@svana.org
In response to Re: Debian readline/libedit breakage  ("Joshua D. Drake" <jd@commandprompt.com>)
Responses Re: Debian readline/libedit breakage
List pgsql-hackers
On Wed, Feb 16, 2011 at 04:33:19PM -0800, Joshua D. Drake wrote:
> Maybe we really should consider moving to NSS instead?
>
> http://www.mozilla.org/projects/security/pki/nss/
>
> If it solves the license problem, it is well supported etc.

For the record, which library you choose only matters for a fairly
small (and easy) part of the patch. Changing libpq to be SSL library
agnostic is more work.

For the people who aren't following, the issue is there are libraries
out there that use libpq to set up the connection to the postgres server
(so handling all authentication, et al) and then steal the FD and
implement the rest of the protocol themselves.

This is supported. Where it goes wonky is that this also has to work
when the connection is via SSL. So libpq provides a function to return
(via a void*) a pointer to the OpenSSL structure so that can be used to
communicate with the server.

As you can imagine, unless the library you use is *binary* compatible
with OpenSSL, you're kinda stuck. The idea I suggested way back was to
introduce a passthrough mode which would hide all the connection
details within libpq, simplifying the code on both sides. Then after a
few releases you could remove the old code and change the SSL library
at leisure.

I guess the painless option however is no longer available.

Have a nice day,
--
Martijn van Oosterhout   <kleptog@svana.org>   http://svana.org/kleptog/
> Patriotism is when love of your own people comes first; nationalism,
> when hate for people other than your own comes first.
>                                       - Charles de Gaulle
