On 05/11/2009, at 9:15, John R Pierce wrote:
> Raimon Fernandez wrote:
>>> heck, you have to be a glutton to want to use libssl from
>>> openssl... there's something like 158 APIs and very little
>>> documentation on how to properly use them
>>
>> Doy you mean there's no 'easy' way to start-up an SSL connection
>> from a TCP/IP socket to postgresql ????
>>
>
> When you see that "S", you initialize a TLS/SSL connection, some
> hints about how SSL works here...
>
> http://www.mozilla.org/projects/security/pki/nss/ssl/
>
> the *pathetic* official documentation on OpenSSL is here...
> http://www.openssl.org/docs/
> oops, 214 library functions in libssl, I think I said 148 or
> something earlier.
> http://www.openssl.org/docs/ssl/ssl.html#API_FUNCTIONS
>
> likely your best bet will be to look at the sources to libpq that
> deal with SSL session setup, usage, and teardown, and use the libssl
> docs as references for the SSL_xxxxxxx API calls you find there
>
> And you likely will want to get a comprehensive book on programming
> SSL/TLS with libssl/openssl
>
>>> Why aren't you using libpq ??!?
>>
>> I'm doing this as an experiment/hobby, the comunication using TCP/
>> IP is really fast, I'm accessing servers that are far away and the
>> speed is really great, I have asynchronous comunication, I can show
>> rows as they are coming, I don't have to wait before all of them
>> are here, it's multi-plattform, my code works on OS X, OS 9,
>> Windows, Linux, and I don't know almost nothing about C, linking C
>> libraries, etc. etc.
>
> What are you programming in ? Does it provide native SSL sockets ?
> OpenSSL is pretty much all C library programming. Certainly,
> something like the native SSL SecureSocket mechanismi in Java are
> much easier to use
Yes, I have Native TCP/IP SSL Sockets, and I've successfully connected
to other servers in SSL.
I'm going to install a certificate in PostgreSQL and start from
there ...
The port is the same for 'open' connections ?
thanks,
raimon
