postgresql/src/backend/libpq
Magnus Hagander 6a61d1ff9d Properly close token in sspi authentication
We can never leak more than one token, but we shouldn't do that. We
don't bother closing it in the error paths since the process will
exit shortly anyway.

Christian Ullrich
2016-01-14 13:06:03 +01:00
Makefile Support frontend-backend protocol communication using a shm_mq. 2014-10-31 12:02:40 -04:00
README.SSL Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00
auth.c Properly close token in sspi authentication 2016-01-14 13:06:03 +01:00
be-fsstubs.c Update copyright for 2016 2016-01-02 13:33:40 -05:00
be-secure-openssl.c Update copyright for 2016 2016-01-02 13:33:40 -05:00
be-secure.c Update copyright for 2016 2016-01-02 13:33:40 -05:00
crypt.c Remove vestigial CHECK_FOR_INTERRUPTS call. 2016-01-07 11:26:54 -05:00
hba.c Update copyright for 2016 2016-01-02 13:33:40 -05:00
ip.c Update copyright for 2016 2016-01-02 13:33:40 -05:00
md5.c Update copyright for 2016 2016-01-02 13:33:40 -05:00
pg_hba.conf.sample Remove support for native krb5 authentication 2014-01-19 17:05:01 +01:00
pg_ident.conf.sample Reformat the comments in pg_hba.conf and pg_ident.conf 2010-01-26 06:58:39 +00:00
pqcomm.c Update copyright for 2016 2016-01-02 13:33:40 -05:00
pqformat.c Update copyright for 2016 2016-01-02 13:33:40 -05:00
pqmq.c Update copyright for 2016 2016-01-02 13:33:40 -05:00
pqsignal.c Update copyright for 2016 2016-01-02 13:33:40 -05:00

src/backend/libpq/README.SSL

SSL
===

From the server's perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup





From the client's perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

---------------------------------------------------------------------------
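Both diagrams above, written out as decision functions in an added example that is not part of the PostgreSQL source. Assumptions: the numeric value of SSL_NEGOTIATE_CODE and the 8-byte request layout come from the PostgreSQL protocol documentation rather than this README, and `require_ssl` is a hypothetical policy flag showing how a client can refuse the two plaintext branches.

```c
#include <stdint.h>
#include <stdio.h>

/* SSLRequest code from the PostgreSQL wire protocol: (1234 << 16) | 5679. */
#define SSL_NEGOTIATE_CODE 80877103u

enum next_step { ESTABLISH_SSL, NORMAL_STARTUP, RETRY_WITHOUT_SSL, FAIL };

/* Client: write the 8-byte request (int32 length, int32 code, big-endian). */
static size_t build_ssl_request(uint8_t out[8])
{
    const uint32_t fields[2] = { 8u, SSL_NEGOTIATE_CODE };
    for (int f = 0; f < 2; f++)
        for (int b = 0; b < 4; b++)
            out[f * 4 + b] = (uint8_t)(fields[f] >> (24 - 8 * b));
    return 8;
}

/* Server: 'S' or 'N' for an SSL request; 0 means normal startup, no reply. */
static char server_reply(const uint8_t *pkt, size_t len, int use_ssl)
{
    if (len < 8)
        return 0;
    uint32_t code = ((uint32_t)pkt[4] << 24) | ((uint32_t)pkt[5] << 16) |
                    ((uint32_t)pkt[6] << 8) | (uint32_t)pkt[7];
    if (code != SSL_NEGOTIATE_CODE)
        return 0;
    return use_ssl ? 'S' : 'N';
}

/* Client: act on the single reply byte. The byte arrives before any SSL
 * handshake, so it is unauthenticated; with require_ssl (hypothetical flag)
 * set, the two plaintext branches of the diagram become failures. */
static enum next_step client_next_step(char reply, int require_ssl)
{
    switch (reply) {
    case 'S': return ESTABLISH_SSL;
    case 'E': return require_ssl ? FAIL : RETRY_WITHOUT_SSL;
    case 'N': return require_ssl ? FAIL : NORMAL_STARTUP;
    default:  return FAIL;              /* "Fail with unknown" */
    }
}

int main(void)
{
    uint8_t pkt[8];
    char reply = server_reply(pkt, build_ssl_request(pkt), 1);
    printf("reply '%c' -> step %d\n", reply, (int)client_next_step(reply, 0));
    return 0;
}
```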