mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-10-08 10:26:51 +02:00
e453cc2741
Code that check the flag no longer need #ifdef's, which is more convenient. In particular, makes it easier to write extensions that depend on it. In the passing, modify sslinfo's ssl_is_used function to check ssl_in_use instead of the OpenSSL specific 'ssl' pointer. It doesn't make any difference currently, as sslinfo is only compiled when built with OpenSSL, but seems cleaner anyway. |
||
---|---|---|
.. | ||
auth.c | ||
be-fsstubs.c | ||
be-secure-openssl.c | ||
be-secure.c | ||
crypt.c | ||
hba.c | ||
ip.c | ||
Makefile | ||
md5.c | ||
pg_hba.conf.sample | ||
pg_ident.conf.sample | ||
pqcomm.c | ||
pqformat.c | ||
pqmq.c | ||
pqsignal.c | ||
README.SSL |
src/backend/libpq/README.SSL SSL === >From the servers perspective: Receives StartupPacket | | (Is SSL_NEGOTIATE_CODE?) ----------- Normal startup | No | | Yes | | (Server compiled with USE_SSL?) ------- Send 'N' | No | | | | Yes Normal startup | | Send 'S' | | Establish SSL | | Normal startup >From the clients perspective (v6.6 client _with_ SSL): Connect | | Send packet with SSL_NEGOTIATE_CODE | | Receive single char ------- 'S' -------- Establish SSL | | | '<else>' | | Normal startup | | Is it 'E' for error ------------------- Retry connection | Yes without SSL | No | Is it 'N' for normal ------------------- Normal startup | Yes | Fail with unknown ---------------------------------------------------------------------------