rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
postgresql/src/backend/libpq
History
Heikki Linnakangas b93827c745 Treat clean shutdown of an SSL connection same as the non-SSL case. 
If the client closes an SSL connection, treat it the same as EOF on a
non-SSL connection. In particular, don't write a message in the log about
that.

Michael Paquier.

Discussion: https://www.postgresql.org/message-id/CAB7nPqSfyVV42Q2acFo%3DvrvF2gxoZAMJLAPq3S3KkjhZAYi7aw@mail.gmail.com
 		2017-07-03 14:51:51 +03:00
..
Makefile Support SCRAM-SHA-256 authentication (RFC 5802 and 7677). 2017-03-07 14:25:40 +02:00
README.SSL Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00
auth-scram.c Phase 3 of pgindent updates. 2017-06-21 15:35:54 -04:00
auth.c Phase 3 of pgindent updates. 2017-06-21 15:35:54 -04:00
be-fsstubs.c Phase 3 of pgindent updates. 2017-06-21 15:35:54 -04:00
be-secure-openssl.c Treat clean shutdown of an SSL connection same as the non-SSL case. 2017-07-03 14:51:51 +03:00
be-secure.c Re-allow SSL passphrase prompt at server start, but not thereafter. 2017-01-04 12:44:03 -05:00
crypt.c Post-PG 10 beta1 pgindent run 2017-05-17 16:31:56 -04:00
hba.c Phase 3 of pgindent updates. 2017-06-21 15:35:54 -04:00
ifaddr.c Phase 2 of pgindent updates. 2017-06-21 15:19:25 -04:00
pg_hba.conf.sample Rename "scram" to "scram-sha-256" in pg_hba.conf and password_encryption. 2017-04-18 14:50:50 +03:00
pg_ident.conf.sample Reformat the comments in pg_hba.conf and pg_ident.conf 2010-01-26 06:58:39 +00:00
pqcomm.c Second try at fixing tcp_keepalives_idle option on Solaris. 2017-06-28 12:30:16 -04:00
pqformat.c Update copyright via script for 2017 2017-01-03 13:48:53 -05:00
pqmq.c Clean up latch related code. 2017-06-06 16:13:00 -07:00
pqsignal.c Update copyright via script for 2017 2017-01-03 13:48:53 -05:00

README.SSL 

src/backend/libpq/README.SSL

SSL
===

>From the servers perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup





>From the clients perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

---------------------------------------------------------------------------