Fabien COELHO <coelho@cri.ensmp.fr> writes:
> Now if you connect to some other server with some other protocol, that is
> another issue...
But the code in question is only for SSL connection to PG, so that's
a red herring I think.
> Also, I do not know how the postgresql protocol interacts
> with SSL... I guess the server waits for the first packet to decided
> whether it is a SSL connection or a non-SSL connection?
It'sClient sends SSL request message
Server sends back 1 byte indicating if it can do SSL or not
<< SSL startup protocol happens here >>
Client sends normal PG connection request message
Authentication exchange proceeds as usual
If the server were first to send during the SSL startup protocol, then
it's possible that more than one byte would be waiting for the client
when it reads the server response. We'd have no easy way to "push back"
those bytes and allow them to be re-read by the client-side SSL library.
So that was the danger I was concerned about.
If the client is first to send during the SSL startup protocol, then
there's no problem: there can only be one byte waiting for us.
regards, tom lane
