rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
postgresql/src/backend/libpq
History
Heikki Linnakangas 5c6df67e0c Fix building with LibreSSL. 
LibreSSL defines OPENSSL_VERSION_NUMBER to claim that it is version 2.0.0,
but it doesn't have the functions added in OpenSSL 1.1.0. Add autoconf
checks for the individual functions we need, and stop relying on
OPENSSL_VERSION_NUMBER.

Backport to 9.5 and 9.6, like the patch that broke this. In the
back-branches, there are still a few OPENSSL_VERSION_NUMBER checks left,
to check for OpenSSL 0.9.8 or 0.9.7. I left them as they were - LibreSSL
has all those functions, so they work as intended.

Per buildfarm member curculio.

Discussion: <2442.1473957669@sss.pgh.pa.us>
 		2016-09-15 22:52:51 +03:00
..
Makefile Move code shared between libpq and backend from backend/libpq/ to common/. 2016-09-02 13:49:59 +03:00
README.SSL Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00
auth.c Move code shared between libpq and backend from backend/libpq/ to common/. 2016-09-02 13:49:59 +03:00
be-fsstubs.c Add macros to make AllocSetContextCreate() calls simpler and safer. 2016-08-27 17:50:38 -04:00
be-secure-openssl.c Fix building with LibreSSL. 2016-09-15 22:52:51 +03:00
be-secure.c pgindent run for 9.6 2016-06-09 18:02:36 -04:00
crypt.c Move code shared between libpq and backend from backend/libpq/ to common/. 2016-09-02 13:49:59 +03:00
hba.c Move code shared between libpq and backend from backend/libpq/ to common/. 2016-09-02 13:49:59 +03:00
ifaddr.c Move code shared between libpq and backend from backend/libpq/ to common/. 2016-09-02 13:49:59 +03:00
pg_hba.conf.sample Remove support for native krb5 authentication 2014-01-19 17:05:01 +01:00
pg_ident.conf.sample Reformat the comments in pg_hba.conf and pg_ident.conf 2010-01-26 06:58:39 +00:00
pqcomm.c Move code shared between libpq and backend from backend/libpq/ to common/. 2016-09-02 13:49:59 +03:00
pqformat.c Fix several mistakes around parallel workers and client_encoding. 2016-06-30 18:35:32 -04:00
pqmq.c Add a nonlocalized version of the severity field to client error messages. 2016-08-26 16:20:17 -04:00
pqsignal.c Update copyright for 2016 2016-01-02 13:33:40 -05:00

README.SSL 

src/backend/libpq/README.SSL

SSL
===

>From the servers perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup





>From the clients perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

---------------------------------------------------------------------------