postgresql/src/backend/libpq
Heikki Linnakangas 272923a0a6 Simplify the way OpenSSL renegotiation is initiated in server.
At least in all modern versions of OpenSSL, it is enough to call
SSL_renegotiate() once, and then forget about it. Subsequent SSL_write()
and SSL_read() calls will finish the handshake.

The SSL_set_session_id_context() call is unnecessary too. We only have
one SSL context, and the SSL session was created with that to begin with.
2015-02-13 21:46:08 +02:00
Makefile Support frontend-backend protocol communication using a shm_mq. 2014-10-31 12:02:40 -04:00
README.SSL Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00
auth.c Fix minor memory leak in ident_inet(). 2015-02-11 19:09:54 -05:00
be-fsstubs.c Update copyright for 2015 2015-01-06 11:43:47 -05:00
be-secure-openssl.c Simplify the way OpenSSL renegotiation is initiated in server. 2015-02-13 21:46:08 +02:00
be-secure.c Process 'die' interrupts while reading/writing from the client socket. 2015-02-03 22:45:45 +01:00
crypt.c Don't allow immediate interrupts during authentication anymore. 2015-02-03 22:54:48 +01:00
hba.c Replace a bunch more uses of strncpy() with safer coding. 2015-01-24 13:05:42 -05:00
ip.c Update copyright for 2015 2015-01-06 11:43:47 -05:00
md5.c Update copyright for 2015 2015-01-06 11:43:47 -05:00
pg_hba.conf.sample Remove support for native krb5 authentication 2014-01-19 17:05:01 +01:00
pg_ident.conf.sample Reformat the comments in pg_hba.conf and pg_ident.conf 2010-01-26 06:58:39 +00:00
pqcomm.c Assert(PqCommReadingMsg) in pq_peekbyte(). 2015-02-06 23:14:27 -05:00
pqformat.c Update copyright for 2015 2015-01-06 11:43:47 -05:00
pqmq.c Update copyright for 2015 2015-01-06 11:43:47 -05:00
pqsignal.c Update copyright for 2015 2015-01-06 11:43:47 -05:00

README.SSL

src/backend/libpq/README.SSL

SSL
===

From the server's perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup





From the client's perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

---------------------------------------------------------------------------
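
The two charts above as decision functions in C. This is an added example, not code from the PostgreSQL tree. It assumes the length-prefixed startup framing of the frontend/backend protocol and the request code PG_PROTOCOL(1234, 5679); the function names, enums, sample packets and the require_ssl flag are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* PostgreSQL's SSL request code, PG_PROTOCOL(1234, 5679) = 80877103. */
#define SSL_NEGOTIATE_CODE ((1234u << 16) | 5679u)

typedef enum { SRV_NORMAL_STARTUP, SRV_SEND_N, SRV_SEND_S, SRV_REJECT } srv_action;
typedef enum { CLI_ESTABLISH_SSL, CLI_NORMAL_STARTUP, CLI_RETRY_NO_SSL, CLI_FAIL } cli_action;

/* Constructed sample packets: int32 length, then int32 code (big-endian). */
const unsigned char sample_ssl_request[8] = {0, 0, 0, 8, 0x04, 0xD2, 0x16, 0x2F};
const unsigned char sample_v3_startup[8]  = {0, 0, 0, 8, 0x00, 0x03, 0x00, 0x00};

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t) p[0] << 24) | ((uint32_t) p[1] << 16) |
           ((uint32_t) p[2] << 8) | (uint32_t) p[3];
}

/* Server chart: use_ssl stands for "server compiled with USE_SSL". */
srv_action server_decide(const unsigned char *pkt, size_t len, int use_ssl)
{
    if (len < 8 || be32(pkt) != len)
        return SRV_REJECT;              /* truncated or inconsistent framing */
    if (be32(pkt + 4) != SSL_NEGOTIATE_CODE)
        return SRV_NORMAL_STARTUP;
    if (len != 8)
        return SRV_REJECT;              /* an SSL request carries no payload */
    return use_ssl ? SRV_SEND_S : SRV_SEND_N;   /* 'S' is followed by the handshake */
}

/* Client chart. require_ssl is a hypothetical policy flag, not on the chart:
 * the reply byte arrives in cleartext, so with it set 'N' and 'E' fail
 * instead of continuing without encryption. */
cli_action client_decide(char reply, int require_ssl)
{
    switch (reply)
    {
        case 'S': return CLI_ESTABLISH_SSL;
        case 'E': return require_ssl ? CLI_FAIL : CLI_RETRY_NO_SSL;
        case 'N': return require_ssl ? CLI_FAIL : CLI_NORMAL_STARTUP;
        default:  return CLI_FAIL;      /* "Fail with unknown" */
    }
}
```

With require_ssl set to 0 the client function follows the chart exactly, including the unencrypted retry on 'E'.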