BTW ... while I'm looking at this, it seems like PQsslAttributeNames
is defined in a pretty schizophrenic way. It takes a "conn" argument
but does nothing whatever with that argument. You get back OpenSSL's
attribute list, or an empty attribute list, depending on compilation
options but not on the properties of the connection. None of this
is explained in the docs, and it would not scale to multiple supported
libraries either. Should we clean that up while we're at it?
A definition that'd be consistent with what we just agreed to for
PQsslAttribute is:
PQsslAttributeNames(NULL): the attributes for the default SSL library,
or an empty list if there is none.
PQsslAttributeNames(conn): the attributes for the SSL library in use
on this connection, or an empty list if not encrypted.
This doesn't cover how to find out the attributes for a non-default
SSL library in advance of using it, but since PQsslAttribute would
also need extension for multiple libraries, we could leave that
for later.
regards, tom lane
