postgres

History

Heikki Linnakangas 1c2b7c0879 Restore the SSL_set_session_id_context() call to OpenSSL renegotiation.

This reverts the removal of the call in commit (272923a0). It turns out it
wasn't superfluous after all: without it, renegotiation fails if a client
certificate was used. The rest of the changes in that commit are still OK
and not reverted.

Per investigation of bug #12769 by Arne Scheffer, although this doesn't fix
the reported bug yet.

2015-02-16 22:34:32 +02:00

auth.c

Fix minor memory leak in ident_inet().

2015-02-11 19:09:54 -05:00

be-fsstubs.c

Update copyright for 2015

2015-01-06 11:43:47 -05:00

be-secure-openssl.c

Restore the SSL_set_session_id_context() call to OpenSSL renegotiation.

2015-02-16 22:34:32 +02:00

be-secure.c

Simplify waiting logic in reading from / writing to client.

2015-02-13 21:46:14 +02:00

crypt.c

Don't allow immediate interrupts during authentication anymore.

2015-02-03 22:54:48 +01:00

hba.c

Replace a bunch more uses of strncpy() with safer coding.

2015-01-24 13:05:42 -05:00

ip.c

Update copyright for 2015

2015-01-06 11:43:47 -05:00

Makefile

Support frontend-backend protocol communication using a shm_mq.

2014-10-31 12:02:40 -04:00

md5.c

Update copyright for 2015

2015-01-06 11:43:47 -05:00

pg_hba.conf.sample

Remove support for native krb5 authentication

2014-01-19 17:05:01 +01:00

pg_ident.conf.sample

Reformat the comments in pg_hba.conf and pg_ident.conf

2010-01-26 06:58:39 +00:00

pqcomm.c

Simplify waiting logic in reading from / writing to client.

2015-02-13 21:46:14 +02:00

pqformat.c

2015-01-06 11:43:47 -05:00

pqmq.c

2015-01-06 11:43:47 -05:00

pqsignal.c

2015-01-06 11:43:47 -05:00

README.SSL

Remove useless whitespace at end of lines

2010-11-23 22:34:55 +02:00

README.SSL

src/backend/libpq/README.SSL

SSL
===

>From the servers perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup





>From the clients perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

---------------------------------------------------------------------------