mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-10-01 02:01:16 +02:00
Add libpq connection option to disable SSL compression
This can be used to remove the overhead of SSL compression on fast networks. Laurenz Albe
This commit is contained in:
parent
dd3bab5fd7
commit
64aea1ebc7
@ -494,6 +494,28 @@ PGconn *PQconnectdbParams(const char * const *keywords,
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry id="libpq-connect-sslcompression" xreflabel="sslcompression">
|
||||||
|
<term><literal>sslcompression</literal></term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
If set to 1 (default), data sent over SSL connections will be
|
||||||
|
compressed (this requires <productname>OpenSSL</> version
|
||||||
|
0.9.8 or later).
|
||||||
|
If set to 0, compression will be disabled (this requires
|
||||||
|
<productname>OpenSSL</> 1.0.0 or later).
|
||||||
|
This parameter is ignored if a connection without SSL is made,
|
||||||
|
or if the version of <productname>OpenSSL</> used does not support
|
||||||
|
it.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Compression uses CPU time, but can improve throughput if
|
||||||
|
the network is the bottleneck.
|
||||||
|
Disabling compression can improve response time and throughput
|
||||||
|
if CPU performance is the limiting factor.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry id="libpq-connect-sslcert" xreflabel="sslcert">
|
<varlistentry id="libpq-connect-sslcert" xreflabel="sslcert">
|
||||||
<term><literal>sslcert</literal></term>
|
<term><literal>sslcert</literal></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
@ -6308,6 +6330,16 @@ myEventProc(PGEventId evtId, void *evtInfo, void *passThrough)
|
|||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<indexterm>
|
||||||
|
<primary><envar>PGSSLCOMPRESSION</envar></primary>
|
||||||
|
</indexterm>
|
||||||
|
<envar>PGSSLCOMPRESSION</envar> behaves the same as the <xref
|
||||||
|
linkend="libpq-connect-sslcompression"> connection parameter.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<indexterm>
|
<indexterm>
|
||||||
|
@ -222,6 +222,9 @@ static const PQconninfoOption PQconninfoOptions[] = {
|
|||||||
{"sslmode", "PGSSLMODE", DefaultSSLMode, NULL,
|
{"sslmode", "PGSSLMODE", DefaultSSLMode, NULL,
|
||||||
"SSL-Mode", "", 8}, /* sizeof("disable") == 8 */
|
"SSL-Mode", "", 8}, /* sizeof("disable") == 8 */
|
||||||
|
|
||||||
|
{"sslcompression", "PGSSLCOMPRESSION", "1", NULL,
|
||||||
|
"SSL-Compression", "", 1},
|
||||||
|
|
||||||
{"sslcert", "PGSSLCERT", NULL, NULL,
|
{"sslcert", "PGSSLCERT", NULL, NULL,
|
||||||
"SSL-Client-Cert", "", 64},
|
"SSL-Client-Cert", "", 64},
|
||||||
|
|
||||||
@ -621,6 +624,8 @@ fillPGconn(PGconn *conn, PQconninfoOption *connOptions)
|
|||||||
conn->keepalives_count = tmp ? strdup(tmp) : NULL;
|
conn->keepalives_count = tmp ? strdup(tmp) : NULL;
|
||||||
tmp = conninfo_getval(connOptions, "sslmode");
|
tmp = conninfo_getval(connOptions, "sslmode");
|
||||||
conn->sslmode = tmp ? strdup(tmp) : NULL;
|
conn->sslmode = tmp ? strdup(tmp) : NULL;
|
||||||
|
tmp = conninfo_getval(connOptions, "sslcompression");
|
||||||
|
conn->sslcompression = tmp ? strdup(tmp) : NULL;
|
||||||
tmp = conninfo_getval(connOptions, "sslkey");
|
tmp = conninfo_getval(connOptions, "sslkey");
|
||||||
conn->sslkey = tmp ? strdup(tmp) : NULL;
|
conn->sslkey = tmp ? strdup(tmp) : NULL;
|
||||||
tmp = conninfo_getval(connOptions, "sslcert");
|
tmp = conninfo_getval(connOptions, "sslcert");
|
||||||
|
@ -1292,6 +1292,16 @@ initialize_SSL(PGconn *conn)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* If the OpenSSL version used supports it (from 1.0.0 on)
|
||||||
|
* and the user requested it, disable SSL compression.
|
||||||
|
*/
|
||||||
|
#ifdef SSL_OP_NO_COMPRESSION
|
||||||
|
if (conn->sslcompression && conn->sslcompression[0] == '0') {
|
||||||
|
SSL_set_options(conn->ssl, SSL_OP_NO_COMPRESSION);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -310,6 +310,7 @@ struct pg_conn
|
|||||||
char *keepalives_count; /* maximum number of TCP keepalive
|
char *keepalives_count; /* maximum number of TCP keepalive
|
||||||
* retransmits */
|
* retransmits */
|
||||||
char *sslmode; /* SSL mode (require,prefer,allow,disable) */
|
char *sslmode; /* SSL mode (require,prefer,allow,disable) */
|
||||||
|
char *sslcompression; /* SSL compression (0 or 1) */
|
||||||
char *sslkey; /* client key filename */
|
char *sslkey; /* client key filename */
|
||||||
char *sslcert; /* client certificate filename */
|
char *sslcert; /* client certificate filename */
|
||||||
char *sslrootcert; /* root certificate filename */
|
char *sslrootcert; /* root certificate filename */
|
||||||
|
Loading…
Reference in New Issue
Block a user