Thread: ssl implementation questions

From: Brett McCormick
Date:

I've a few questions for my SSL patch:

The way I've implemented SSL is by having a structure called PGcomm
which replaces the pair of Pfdebug/Pfin/Pfout.  This structure
contains those values as well as the SSL state stuff (context * and
connection *).  All functions which use(d) Pfin/Pfout/Pfdebug, either
as an argument or an extern variable, were modified to use this
structure.  Does this seem appropriate?

Is there any value to having an OO-like approach to the fe/be
communication API, so that other transport mechanisms/protocols can
be loaded in at will?  Something other than the kludgish way I've got
#ifdef POSTGRESQL_SSL.

Would it be good to make positive (IMHO of course) changes to postgres
that make it easier for things like this to be done?  It would also
allow my patch to be a lot cleaner, which is important.  It would also
eliminate the need for me to patch every fwrite/fread that gets added
to the code.

Also, why does it exec() instead of just setting some variables and
calling the function that ends up getting run anyway?  That would
eliminate the SSL data from getting destroyed and keep it from
having to renegotiate the SSL connection.

--brett
http://www.chicken.org/pgsql/ssl/
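
Added example, not part of the original post and not PostgreSQL code: a sketch of the pluggable-transport idea the message asks about. Only the names PGcomm, Pfin, Pfout and Pfdebug come from the post; the ops table, comm_read/comm_write and the in-memory transport are hypothetical, with the in-memory transport standing in for the slot where an SSL implementation would be plugged in.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical sketch: the ops table and helper names are invented here. */
typedef struct PGcomm PGcomm;
typedef struct {
    int (*write)(PGcomm *c, const void *buf, size_t len);
    int (*read)(PGcomm *c, void *buf, size_t len);
} PGcommOps;
struct PGcomm {
    const PGcommOps *ops;          /* transport chosen at connection setup */
    FILE *Pfin, *Pfout, *Pfdebug;  /* the values the post says PGcomm holds */
    void *state;                   /* per-transport state; an SSL transport would
                                      keep its context and connection here */
};

/* Plain transport: the only place fread/fwrite appear. */
static int plain_write(PGcomm *c, const void *buf, size_t len) {
    size_t n = fwrite(buf, 1, len, c->Pfout);
    return (n == len && fflush(c->Pfout) == 0) ? (int)n : -1;
}
static int plain_read(PGcomm *c, void *buf, size_t len) {
    size_t n = fread(buf, 1, len, c->Pfin);
    return (n == 0 && ferror(c->Pfin)) ? -1 : (int)n;
}
const PGcommOps plain_ops = { plain_write, plain_read };

/* Constructed in-memory transport: a second implementation behind the same
 * interface, showing that call sites do not change when the transport does. */
typedef struct { unsigned char data[256]; size_t wpos, rpos; } MemState;
static int mem_write(PGcomm *c, const void *buf, size_t len) {
    MemState *m = c->state;
    if (len > sizeof m->data - m->wpos) return -1;  /* refuse to overflow */
    memcpy(m->data + m->wpos, buf, len);
    m->wpos += len;
    return (int)len;
}
static int mem_read(PGcomm *c, void *buf, size_t len) {
    MemState *m = c->state;
    size_t avail = m->wpos - m->rpos;
    if (len > avail) len = avail;                   /* short read, never past data */
    memcpy(buf, m->data + m->rpos, len);
    m->rpos += len;
    return (int)len;
}
const PGcommOps mem_ops = { mem_write, mem_read };

/* Call sites use only these two functions, so newly added I/O code needs no
 * per-transport patching and no #ifdef. */
int comm_write(PGcomm *c, const void *buf, size_t len) { return c->ops->write(c, buf, len); }
int comm_read(PGcomm *c, void *buf, size_t len) { return c->ops->read(c, buf, len); }
```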