Alex Shulgin <ash@commandprompt.com> writes:
>>>
>>> I can do that too, just need a hint where to look at in libpq/psql to
>>> add the option.
>>
>> The place to *enforce* the option is src/interfaces/libpq/fe-secure.c
>> (look for SSLv23_method() and SSL_CTX_set_options()). I haven't looked
>> into how to set it.
>
> Yes, I've figured it out. Guess we'd better share the ssl_protocol
> value parser code between libpq and the backend. Any precedent?
OK, looks like I've come up with something workable: I've added
sslprotocol connection string keyword similar to pre-existing
sslcompression, etc.
Please see attached v2 of the original patch. I'm having doubts about
the name of openssl.h header though, libpq-openssl.h?
--
Alex