rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
postgresql/src/backend/libpq
History
Michael Paquier a282697088 Remove code in charge of freeing regexps generation by Lab.c 
bea3d7e has redesigned the regexp engine so as all the allocations go
through palloc() with a dedicated memory context.  hba.c had to cope
with the past memory management logic by going through all the HBA and
ident lines generated, then directly free all the regexps found in
AuthTokens to ensure that no leaks would happen.  Such leaks could
happen for example in the postmaster after a SIGHUP, in the event of
an HBA and/or ident reload failure where all the new content parsed must
be discarded, including all the regexps that may have been compiled.

Now that regexps are palloc()'d in their own memory context,
MemoryContextDelete() is enough to ensure that all the compiled regexps
are properly gone.  Simplifying this logic in hba.c has the effect to
only remove code.  Most of it is new in v16, except the part for regexps
compiled in ident entries for the system username, so doing this cleanup
now rather than when v17 opens for business will reduce future diffs
with the upcoming REL_16_STABLE.

Some comments were incorrect since bea3d7e, now fixed to reflect the
reality.

Reviewed-by: Bertrand Drouvot, Álvaro Herrera
Discussion: https://postgr.es/m/ZDdJ289Ky2qEj4h+@paquier.xyz
 		2023-04-14 07:27:44 +09:00
..
Makefile Refactor SASL code with a generic interface for its mechanisms 2021-07-07 10:55:15 +09:00
README.SSL Move EDH support to common files 2018-01-23 07:11:38 -05:00
auth-sasl.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
auth-scram.c Make SCRAM iteration count configurable 2023-03-27 09:46:29 +02:00
auth.c Explicitly require MIT Kerberos for GSSAPI 2023-04-13 08:55:13 -04:00
be-fsstubs.c New header varatt.h split off from postgres.h 2023-01-10 05:54:36 +01:00
be-gssapi-common.c De-Revert "Add support for Kerberos credential delegation" 2023-04-13 08:55:07 -04:00
be-secure-common.c Common function for percent placeholder replacement 2023-01-11 10:42:35 +01:00
be-secure-gssapi.c Explicitly require MIT Kerberos for GSSAPI 2023-04-13 08:55:13 -04:00
be-secure-openssl.c Fix outdated references to guc.c 2023-03-02 13:49:39 +01:00
be-secure.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
crypt.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
hba.c Remove code in charge of freeing regexps generation by Lab.c 2023-04-14 07:27:44 +09:00
ifaddr.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
meson.build Update copyright for 2023 2023-01-02 15:00:37 -05:00
pg_hba.conf.sample Add description for new patterns supported in HBA and ident sample files 2023-02-16 07:38:52 +09:00
pg_ident.conf.sample Add description for new patterns supported in HBA and ident sample files 2023-02-16 07:38:52 +09:00
pqcomm.c Don't leak descriptors into subprograms. 2023-03-03 10:43:33 +13:00
pqformat.c Change argument type of pq_sendbytes from char * to void * 2023-02-14 13:32:19 +01:00
pqmq.c Perform apply of large transactions by parallel workers. 2023-01-09 07:52:45 +05:30
pqsignal.c Use WaitEventSet API for postmaster's event loop. 2023-01-12 16:32:20 +13:00

README.SSL 

src/backend/libpq/README.SSL

SSL
===

>From the servers perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup





>From the clients perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

---------------------------------------------------------------------------

Ephemeral DH
============

Since the server static private key ($DataDir/server.key) will
normally be stored unencrypted so that the database backend can
restart automatically, it is important that we select an algorithm
that continues to provide confidentiality even if the attacker has the
server's private key.  Ephemeral DH (EDH) keys provide this and more
(Perfect Forward Secrecy aka PFS).

N.B., the static private key should still be protected to the largest
extent possible, to minimize the risk of impersonations.

Another benefit of EDH is that it allows the backend and clients to
use DSA keys.  DSA keys can only provide digital signatures, not
encryption, and are often acceptable in jurisdictions where RSA keys
are unacceptable.

The downside to EDH is that it makes it impossible to use ssldump(1)
if there's a problem establishing an SSL session.  In this case you'll
need to temporarily disable EDH (see initialize_dh()).