modes (and replace the requiressl boolean). The four options were first
spelled out by Magnus Hagander <mha@sollentuna.net> on 2000-08-23 in email
to pgsql-hackers, archived here:
http://archives.postgresql.org/pgsql-hackers/2000-08/msg00639.php
My original less-flexible patch and the ensuing thread are archived at:
http://dbforums.com/t623845.html
Attached is a new patch, including documentation.
To sum up, there's a new client parameter "sslmode" and environment
variable "PGSSLMODE", with these options:
sslmode description
------- -----------
disable Unencrypted non-SSL only
allow Negotiate, prefer non-SSL
prefer Negotiate, prefer SSL (default)
require Require SSL
The only change to the server is a new pg_hba.conf line type,
"hostnossl", for specifying connections that are not allowed to use SSL
(for example, to prevent servers on a local network from accidentally
using SSL and wasting cycles). Thus the 3 pg_hba.conf line types are:
pg_hba.conf line types
----------------------
host applies to either SSL or regular connections
hostssl applies only to SSL connections
hostnossl applies only to regular connections
These client and server options, the postgresql.conf ssl = false option,
and finally the possibility of compiling with no SSL support at all,
make quite a range of combinations to test. I threw together a test
script to try many of them out. It's in a separate tarball with its
config files, a patch to psql so it'll announce SSL connections even in
absence of a tty, and the test output. The test is especially informative
when run on the same tty the postmaster was started on, so the FATAL:
errors during negotiation are interleaved with the psql client output.
I saw Tom write that new submissions for 7.4 have to be in before midnight
local time, and since I'm on the east coast in the US, this just makes it
in before the bell. :)
Jon Jensen
print.c: Add one more line to pager calculation to account for the prompt.
help.c: Call PageOutput with correct number of lines within slashUsage
Add one to line count in helpSQL to account for "Available help:" line.
Make copyright match COPYRIGHT file. (Just "1994")
Greg Sabino Mullane
> thought that I would see if I could come up with a simple solution, and
> have my first delve into the code for PostgreSQL.
>
> Attached is a diff against 7.3.3 source, of changes to describe.c for
> psql. This should print out a list of parent tables in a similar style
> to that of the index listing. I have done some testing on my side and it
> all seems fine, can some other people have a quick look? What do people
> think? Useful?
Nick Barr
dropped columns. Fix by using LEFT JOIN rather than straight join
between pg_attribute and pg_type. Also, use pg_type.oid as input to
format_type, so that we don't get a failure on deleted types of deleted
columns (this may be a change we ought to backpatch to 7.3....).
Alias the appropriate columns back to their original name.
Fixed formatting of a few other places as I went along (indenting)
--
Rod Taylor <rbt@rbt.ca>
> > It seems that readline() on my system (FreeBSD 4.8) isn't declared to
> > take the prompt as a const. Thus, remove const from gets_interactive()
> > to remove the warning.
>
> I think it would be a lot cleaner to just put a cast to char * into the
> readline call (with a note about why).
Ok.. that works.
I must say it's a little strange being able to take a constant and say
its no longer constant anymore -- but I suppose it's no different than
defining then undefining pre-processor constants.
Rod Taylor <rbt@rbt.ca>
and Dmitry Tkach. Specifically the previous fix still allowed the statement termination character through in unquoted places in the sql statement, and the driver never correctly handled someone passing a value of \0 in a string which under the v2 protocol would end the statement causing the following text to possibly
be treated as a new sql statement
Modified Files:
jdbc/org/postgresql/Driver.java.in
jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java
was modified for IPv6. Use a robust definition of struct sockaddr_storage,
do a proper configure test to see if ss_len exists, don't assume that
getnameinfo() will handle AF_UNIX sockets, don't trust getaddrinfo to
return the protocol we ask for, etc. This incorporates several outstanding
patches from Kurt Roeckx, but I'm to blame for anything that doesn't
work ...
Bruce Momjian
Tom Lane
Michael Meskes
Peter Eisentraut
Barry Lind
Teodor Sigaev