Tom Lane wrote:
> Dave Page <dpage@postgresql.org> writes:
>> The server doesn't seem to be affected, but the attached patch fixes the
>> problem for the client apps. Unfortunately it must be included in the
>> app itself, and not libpq.
>
> This is pretty much in the category of "they've got to be kidding".
Agreed. Unless I've completely missed the point this does seem *really*
dumb.
> I recommend sitting on the prior version until upstream fixes their
> mistake.
Unfortunately from what I've seen it doesn't look like thats on their
agenda... and this has been around in release versions now since July 2005.
I believe we just didn't notice it until now because the older Mingw
builds use the MSVC 6.0 runtimes which just happened to be compatible
with the OpenSSL binary builds (we're now using 8.0), in addition to
which there are relatively few people using client-side certs I'd wager.
/D
