Home > mailing lists

Re: Question regarding SSL code in backend and frontend - Mailing list pgsql-hackers

From	Tatsuo Ishii
Subject	Re: Question regarding SSL code in backend and frontend
Date	April 5, 2012 06:00:47
Msg-id	20120405.150049.1139277216417686423.t-ishii@sraoss.co.jp Whole thread Raw
In response to	Re: Question regarding SSL code in backend and frontend (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Question regarding SSL code in backend and frontend (Magnus Hagander <magnus@hagander.net>)
List	pgsql-hackers

Tree view

>> Those code fragment judges the return value from
>> SSL_read(). secure_read() does retrying when SSL_ERROR_WANT_READ *and*
>> SSL_ERROR_WANT_WRITE returned. However, pqsecure_read() does not retry
>> when SSL_ERROR_WANT_READ. It seems they are not consistent. Comments?
> 
> There's no particular reason why they should be consistent, I think.
> The assumptions for nonblocking operation are different.

Ok. Thanks.

BTW, usage of SSL_CTX_new() is different among frontend and backend as
well.

fe-secure.c:        SSL_context = SSL_CTX_new(TLSv1_method());
be-secure.c:        SSL_context = SSL_CTX_new(SSLv23_method());

In my understanding by using SSLV23_method, it is compatible with
SSLv2, SSLv3, and TLSv1 protocol. So it seems there's no particular
reason to use TLSv1_method(). Am I missing something?
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp

pgsql-hackers by date:

From: Tom Lane
Date: 05 April 2012, 03:57:16
Subject: Re: pg_upgrade improvements

From: Boszormenyi Zoltan
Date: 05 April 2012, 06:03:49
Subject: Re: [PATCH] lock_timeout and common SIGALRM framework

Re: Question regarding SSL code in backend and frontend - Mailing list pgsql-hackers

Previous

Next