SSL Patch - again :-) - Mailing list pgsql-patches

From Magnus Hagander
Subject SSL Patch - again :-)
Msg-id 215896B6B5E1CF11BC5600805FFEA82103D97C69@sirius.edu.sollentuna.se
List pgsql-patches
Ok, here is another one :-)

* The function sslinfo() has been removed from the backend.
* I changed the meaning of "-l" from "Listen to only SSL" to
  "Disable SSL". It seems safe to me to do this since the
  previous function of "-l" never worked anyway.
  Using this switch, you can start the postmaster without
  having the secret key and the certificate file in place.
* I added accessor function "SSL *PQgetssl(void)" to libpq,
  to get the SSL structure. Any functions from OpenSSL can
  then be used on this returned structure to get information.
* Made psql use this PQgetssl() function after initial
  connection to report SSL status (only if enabled, of course)
* Added connection option "requiressl" backed by environment
  variable PGREQUIRESSL. If set to "1", libpq will refuse to
  connect to a server that does not support SSL. (This must be
  handled during the connection process, and can *not* be
  handled in the client application afterwards. If it were
  to be handled by the application and you were using password
  authentication, the password would be sent (by libpq) over an
  unencrypted connection before you had a chance to reject it)
* Fixed an error message that referred to version 6.6 - it was
  never released as 6.6, but as 7.0... :-)
* Patch is using "diff -cr" this time. I hope I understood
  correctly what you wanted.


Right now, the only way to set "requiressl" for psql is to use
an environment variable. I'd like it to be possible to do this
using the command line for example, probably using a "psql variable".
But that would require changing psql to use PQconnectDb() instead
of PQsetdbLogin(), so I figured I should check first :-) [BTW,
PQconnectDb() is the recommended way of doing it nowadays, right?]


Documentation is coming up, but I figured I should get the actual
code approved and applied first, so I don't document something
that I later have to change :-)


//Magnus
 <<ssl_patch>>
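
Added example, not part of the original message or of the patch: a small C model of the ordering argument in the "requiressl" item above, comparing a check made inside the connection process with a check made by the application once the connection is finished. The struct, the function names and the one-byte 'S'/'N' server reply are modelling assumptions; no libpq code is used.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the connection order; none of this is libpq code. */
enum outcome { CONNECTED_SSL, CONNECTED_PLAIN, REFUSED };

struct wire {
    int messages_sent;       /* messages the client wrote to the socket */
    int password_in_clear;   /* 1 if the password left the host unencrypted */
};

/* Assumed one-byte answer to the SSL request: 'S' = will do SSL, 'N' = won't. */
static char server_ssl_reply(int server_has_ssl) { return server_has_ssl ? 'S' : 'N'; }

/* Library-side connect: the requiressl decision is taken right after the
   server's answer, before any authentication data is written. */
enum outcome model_connect(struct wire *w, int server_has_ssl, int requiressl)
{
    memset(w, 0, sizeof *w);
    w->messages_sent++;                        /* SSL request, always in clear */
    int encrypted = (server_ssl_reply(server_has_ssl) == 'S');
    if (!encrypted && requiressl)
        return REFUSED;                        /* stop: nothing secret was sent */
    w->messages_sent++;                        /* startup packet */
    w->messages_sent++;                        /* password response */
    if (!encrypted)
        w->password_in_clear = 1;
    return encrypted ? CONNECTED_SSL : CONNECTED_PLAIN;
}

/* Application-side check: connect without requiressl, then inspect the
   finished connection (as a PQgetssl() caller would) and drop it if plain. */
enum outcome model_app_check(struct wire *w, int server_has_ssl)
{
    enum outcome r = model_connect(w, server_has_ssl, 0);
    return r == CONNECTED_PLAIN ? REFUSED : r; /* too late: see w->password_in_clear */
}

int main(void)
{
    struct wire w;
    model_connect(&w, 0, 1);
    printf("requiressl=1:   password in clear = %d\n", w.password_in_clear);
    model_app_check(&w, 0);
    printf("app-side check: password in clear = %d\n", w.password_in_clear);
    return 0;
}
```

Both paths end with the connection refused, but only the library-side check refuses it before the password has been written to the unencrypted socket.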
