Re: PQgetssl() and alternative SSL implementations - Mailing list pgsql-hackers

From Heikki Linnakangas
Subject Re: PQgetssl() and alternative SSL implementations
Date
Msg-id 53F379CF.5090100@vmware.com
Whole thread Raw
In response to Re: PQgetssl() and alternative SSL implementations  (Alvaro Herrera <alvherre@2ndquadrant.com>)
List pgsql-hackers
On 08/19/2014 07:10 PM, Alvaro Herrera wrote:
> Stephen Frost wrote:
>> * Heikki Linnakangas (hlinnakangas@vmware.com) wrote:
>>
>>> Indeed, the ODBC driver only uses libpq for authentication, then
>>> calls PQgetssl(), and takes over the whole show calling SSL_read()
>>> and SSL_write() itself. Ideally, we'd modify psqlodbc to stop doing
>>> that, but that's not an easy job. In the short-term, I think we need
>>> to export pqsecure_read() and pqsecure_write() functions in libpq,
>>> so that the ODBC driver can use those instead of SSL_read() and
>>> SSL_write().
>>
>> Yeah, that's what I remembered.  There was an attempt to make that
>> change at one point, but it was reverted due to the lack of batching
>> ability in libpq (without resorting to cursors, as I recall...),
>> requiring double the memory usage.  Still, if pqsecure_read and
>> pqsecure_write are sufficient to make the ODBC driver work, that's good
>> news.  I had been worried it did other things with the OpenSSL struct
>> beyond just using those.
>
> Um, libpq has recently gained the ability to return result fragments,
> right?  Those didn't exist when libpq-ification of odbc was attempted,
> as I recall -- perhaps it's possible now.

IIRC the thing that psqlodbc does that libpq doesn't support is sending 
multiple queries to the backend, and then wait for *all* the replies to 
arrive, in a single round-trip. The closest thing is using PQexec("foo; 
bar;"), but that's quite limited.

- Heikki



pgsql-hackers by date:

Previous
From: Heikki Linnakangas
Date:
Subject: Re: PQgetssl() and alternative SSL implementations
Next
From: Tom Lane
Date:
Subject: Re: PQgetssl() and alternative SSL implementations