Thread: Does libpq have SSL functions?

I'd like to build some SSL functionality into my C functions that
access the PostgreSQL database. My C functions are calling the
routines from libpq. By chance, are there any SSL functions inherent
to libpq for establishing a secure connection to the postmaster?

I mention this because I noticed in the source code for psql, the c
file startup.c has the following line:

ssl = PQgetssl(pset.db);

I didn't seem to find any other SSL references in the /src/bin/psql
directory using grep, but I know that psql can be built with SSL
support so I was hoping to use the code for that as a template.

Thanks.
-Tony

Yes.  Take a look at pg_hba.conf's hostssl option.  That will force SSL
for certain hosts.  You can also use 'requiressl' in your libpq
connection string.

---------------------------------------------------------------------------

Tony Reina wrote:
> I'd like to build some SSL functionality into my C functions that
> access the PostgreSQL database. My C functions are calling the
> routines from libpq. By chance, are there any SSL functions inherent
> to libpq for establishing a secure connection to the postmaster?
> 
> I mention this because I noticed in the source code for psql, the c
> file startup.c has the following line:
> 
> ssl = PQgetssl(pset.db);
> 
> I didn't seem to find any other SSL references in the /src/bin/psql
> directory using grep, but I know that psql can be built with SSL
> support so I was hoping to use the code for that as a template.
> 
> Thanks.
> -Tony
> 
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
>     (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)
> 

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073
 

Your Pgconn already is SSL encrypted.

---------------------------------------------------------------------------

G. Anthony Reina wrote:
> Thanks for the reply Bruce.
> 
> Yes, I'm aware of the pg_hba.conf setting to require SSL connections, 
> however I was specifically asking if the C library for PostgreSQL had SSL 
> functions built in to relieve me of actually having to write the code for 
> the connections.
> 
> That is, do I specifically have to negotiate the SSL connections in my 
> program (i.e. ssl = SSL_new(ctx); if (SSL_connect(ssl)<=0) ...). Or, will 
> the  "conn = PQsetdb(pghost, pgport, pgoptions, pgtty, dbName); " already 
> setup conn as an SSL connection for me if I specify requiressl?
> 
> I think it is probably the former, but I'd hate to be reinventing the wheel 
> and encrypting an already encrypted connection.
> 
> Thanks.
> -Tony
> 
> 
> 
> --On Tuesday, April 15, 2003 5:19 PM -0400 Bruce Momjian 
> <pgman@candle.pha.pa.us> wrote:r
> 
> >
> > Yes.  Take a look at pg_hba.conf's hostssl option.  That will force SSL
> > for certain hosts.  You can also use 'requiressl' in your libpq
> > connection string.
> >
> > -------------------------------------------------------------------------
> > --
> >
> > Tony Reina wrote:
> >> I'd like to build some SSL functionality into my C functions that
> >> access the PostgreSQL database. My C functions are calling the
> >> routines from libpq. By chance, are there any SSL functions inherent
> >> to libpq for establishing a secure connection to the postmaster?
> >>
> >> I mention this because I noticed in the source code for psql, the c
> >> file startup.c has the following line:
> >>
> >> ssl = PQgetssl(pset.db);
> >>
> >> I didn't seem to find any other SSL references in the /src/bin/psql
> >> directory using grep, but I know that psql can be built with SSL
> >> support so I was hoping to use the code for that as a template.
> >>
> >> Thanks.
> >> -Tony
> 
> 
> 

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073