[Pgpool-committers] pgpool - pgpool-II: Add SSL support.

User T-ishii t-ishii at pgfoundry.org
Tue Jan 26 14:49:58 UTC 2010


Log Message:
-----------
Add SSL support. Patch contributed by Sean Finney.
-------------------------------------------------------------------
The new pool_ssl.c provides the necessary functions for negotiating
SSL based connections for both frontend and backend connections.  child.c
has been updated to request the negotiation in both cases, and pool_stream.c
has been modified to use SSL based i/o functions if a connection has
successfully negotiated a connection.

SSL related failures should be handled as gracefully as possible.  For
frontend connections, the client is allowed to continue in cleartext
in the case that SSL negotiation was not successful.  For backend
connections, plaintext connections should continue as well, modulo
any pg_hba restrictions on the remote server.  It is also possible to
have connections where only one of the frontend/backend uses SSL.

By default this functionality is off (further testing should be done
and perhaps better controls on certificate verification, etc).

New fields are added to the global pool configuration to allow specifying
SSL related settings:

 * "ssl", global on/off switch (default: off)
 * "ssl_cert", path to SSL public certificate (default: "")
 * "ssl_key", path to SSL private key (default: "")

The sample pgpool.conf files have been updated with comments and sample
values for these new settings.

The autoconf build system has been updated with a new "--with-openssl" option
to allow enabling/disabling SSL support at build time.  For simplicity and
clarity no effort is made to provide extra flexibility similar to the existing
--with-pgsql{,-include-dir,lib-dir} ./configure flags.  In the meantime it's
expected that the necessary flags are provided via CFLAGS/LDFLAGS etc when
calling ./configure.

Modified Files:
--------------
    pgpool-II:
        Makefile.am (r1.29 -> r1.30)
        (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/Makefile.am?r1=1.29&r2=1.30)
        Makefile.in (r1.33 -> r1.34)
        (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/Makefile.in?r1=1.33&r2=1.34)
        child.c (r1.40 -> r1.41)
        (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/child.c?r1=1.40&r2=1.41)
        config.h.in (r1.9 -> r1.10)
        (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/config.h.in?r1=1.9&r2=1.10)
        configure (r1.33 -> r1.34)
        (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/configure?r1=1.33&r2=1.34)
        configure.in (r1.30 -> r1.31)
        (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/configure.in?r1=1.30&r2=1.31)
        main.c (r1.58 -> r1.59)
        (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/main.c?r1=1.58&r2=1.59)
        pgpool.conf.sample (r1.30 -> r1.31)
        (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/pgpool.conf.sample?r1=1.30&r2=1.31)
        pgpool.conf.sample-master-slave (r1.1 -> r1.2)
        (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/pgpool.conf.sample-master-slave?r1=1.1&r2=1.2)
        pgpool.conf.sample-replication (r1.1 -> r1.2)
        (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/pgpool.conf.sample-replication?r1=1.1&r2=1.2)
        pool.h (r1.52 -> r1.53)
        (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/pool.h?r1=1.52&r2=1.53)
        pool_config.c (r1.33 -> r1.34)
        (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/pool_config.c?r1=1.33&r2=1.34)
        pool_config.l (r1.29 -> r1.30)
        (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/pool_config.l?r1=1.29&r2=1.30)
        pool_stream.c (r1.18 -> r1.19)
        (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/pool_stream.c?r1=1.18&r2=1.19)

Added Files:
-----------
    pgpool-II:
        pool_ssl.c (r1.1)
        (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/pool_ssl.c?rev=1.1&content-type=text/x-cvsweb-markup)
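
The frontend-side decision the log message describes, as an added example that is not code from pool_ssl.c or the pgpool-II project: it recognises the PostgreSQL SSLRequest packet and picks the one-byte reply, which shows where the cleartext fallback occurs. The function names, the ssl_on/have_cert/have_key parameters (standing in for the "ssl", "ssl_cert" and "ssl_key" settings) and the require_ssl policy are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PG_SSL_REQUEST_CODE 80877103u /* (1234 << 16) | 5679, PostgreSQL SSLRequest */

/* Read a big-endian 32-bit integer from the wire. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* 1 if buf is exactly one SSLRequest: Int32 length 8, then Int32 request code. */
int is_ssl_request(const unsigned char *buf, size_t len)
{
    return len == 8 && be32(buf) == 8 && be32(buf + 4) == PG_SSL_REQUEST_CODE;
}

/*
 * Reply to the frontend's first packet:
 *   'S' = go on to the TLS handshake, 'N' = client may continue in cleartext,
 *   0   = not an SSLRequest (an ordinary cleartext StartupMessage).
 * ssl_on/have_cert/have_key are hypothetical stand-ins for the config fields.
 */
char ssl_reply(const unsigned char *buf, size_t len,
               int ssl_on, int have_cert, int have_key)
{
    if (!is_ssl_request(buf, len))
        return 0;
    return (ssl_on && have_cert && have_key) ? 'S' : 'N';
}

/* Hypothetical strict policy (not part of the commit): when require_ssl is
 * set, any session that would run in cleartext is refused. */
int session_allowed(char reply, int require_ssl)
{
    return reply == 'S' || !require_ssl;
}

int main(void)
{
    /* Constructed sample: the 8-byte SSLRequest a libpq client sends first. */
    const unsigned char req[8] = {0, 0, 0, 8, 0x04, 0xd2, 0x16, 0x2f};
    char r = ssl_reply(req, sizeof req, 0, 0, 0);
    printf("ssl off: reply=%c allowed_when_required=%d\n", r, session_allowed(r, 1));
    return 0;
}
```

With the fallback described in the log message, an 'N' reply or a failed handshake leaves the session in cleartext, so confidentiality depends on the client's own sslmode setting and on pg_hba rules at the backend.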

