Re: OpenSSL Applink - Mailing list pgsql-patches

From Tom Lane
Subject Re: OpenSSL Applink
Msg-id 22154.1191025689@sss.pgh.pa.us
In response to Re: OpenSSL Applink  (Dave Page <dpage@postgresql.org>)
List pgsql-patches
Dave Page <dpage@postgresql.org> writes:
> Magnus Hagander wrote:
>> Is there any reason not to just do this on *all* platforms, and get rid
>> of all the #ifdefs?

> Yes, (see the comment in the code). We stat the private key on *nix to
> ensure it hasn't changed underneath us which can't be done using the BIO
> functions... though I wonder if we can get the FILE pointer from BIO and
> do it that way. Should be as safe on *nix as what we currently do.

Perhaps you could still open the file yourself, and use BIO_new_fp()
instead of BIO_new_file()?  I'm not getting responses from openssl.org
at the moment, but here's another copy of the relevant man page:

http://developer.apple.com/documentation/Darwin/Reference/Manpages/man3/BIO_s_file.3ssl.html

I concur with Magnus that it'll be better if there's not two code paths
here.  It's not entirely clear whether BIO_new_fp() would avoid the
problematic calls, but it doesn't look like it'd be hard to try.

            regards, tom lane
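
The approach suggested in this message, for the *nix path only, as an added example that is not from the post or from the PostgreSQL source: open the key file yourself, check the open handle with fstat(), then give that same FILE* to OpenSSL through BIO_new_fp(). The names `open_checked_key`, `load_checked_key` and the `WITH_OPENSSL` build switch are hypothetical, and the permission rule (no group or world access) is an assumption.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/stat.h>
#ifdef WITH_OPENSSL   /* hypothetical switch: build with -DWITH_OPENSSL -lcrypto */
#include <openssl/bio.h>
#include <openssl/pem.h>
#endif

/* Hypothetical helper: open the key once and validate the open handle.
 * Returns the FILE* on success, NULL if the file is unsafe to use. */
FILE *open_checked_key(const char *path)
{
    struct stat before, after;
    FILE *fp;
    if (stat(path, &before) != 0)
        return NULL;
    /* assumed policy: regular file only, no group/world access */
    if (!S_ISREG(before.st_mode) || (before.st_mode & (S_IRWXG | S_IRWXO)))
        return NULL;
    if ((fp = fopen(path, "r")) == NULL)
        return NULL;
    /* fstat() the descriptor we will actually read from; a different
     * device/inode means the path changed between stat() and fopen() */
    if (fstat(fileno(fp), &after) != 0 ||
        after.st_dev != before.st_dev || after.st_ino != before.st_ino ||
        (after.st_mode & (S_IRWXG | S_IRWXO))) {
        fclose(fp);
        return NULL;
    }
    return fp;
}

#ifdef WITH_OPENSSL
/* Hand the validated FILE* to OpenSSL, so the path is never reopened. */
EVP_PKEY *load_checked_key(const char *path)
{
    FILE *fp = open_checked_key(path);
    BIO *bio;
    EVP_PKEY *pkey;
    if (fp == NULL)
        return NULL;
    if ((bio = BIO_new_fp(fp, BIO_CLOSE)) == NULL) {  /* BIO would own fp */
        fclose(fp);
        return NULL;
    }
    pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
    BIO_free(bio);                                    /* also closes fp */
    return pkey;
}
#endif
```

Because the checks and the PEM read go through one file handle, there is no gap in which the path could be pointed at a different file after validation.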
