[Pgpool-hackers] [PATCH] Preface for incoming SSL patch

Sean Finney sean at stickybit.se
Wed Jan 20 15:29:27 UTC 2010


Hi again!

A few months back I broached the subject of getting SSL support into
pgpool-II and it was agreed to be a desirable feature.  It got put on
the backburner due to other projects (and then vacation, of course!),
but I finally got around to revisiting this and have spent the last
couple days hacking on this and have something to show, which should be
immediately following this email.

I wouldn't call it a final product, but from some initial testing
it seems to be working so I'd appreciate both code review and
general testing of the new features.  In particular, there is no
certificate checking/verification, nor are there settings similar to
the sslmode={required,allowed,disabled} passed to psql.  These are both
features I thought could be easily added on later.

Also note that the patch contains a change to configure.in (a boolean
option --with-openssl to autodetect/enable/disable the support at
build time), but it doesn't contain any changes to the autoconf/automake
generated files (I had to run all three of autoreconf/libtoolize/automake
here).  I'm not sure how you manage these files and it generates a lot
of extra noise.

The --with-openssl flag could be improved to allow user-specified paths
to OpenSSL installations, but my experience from other projects is that
it's a bit messy to support the myriad of variations when it comes to
how OpenSSL is installed "in the wild" (/usr/local/include/openssl vs.
/usr/local/openssl/include, etc), so I've kept it simple for now.

The patch is based on the latest CVS repo (well, a local git mirror of
your CVS repo, but I digress...).

And finally, regarding whitespace formatting, it's a bit inconsistent
across the codebase but I've done my best to follow the surrounding code
wherever possible.

So, please give me your feedback!

	sean


Sean Finney (1):
  Add OpenSSL support for both frontend and backend connections

 Makefile.am                     |    2 +-
 child.c                         |   24 +----
 configure.in                    |   19 ++++
 main.c                          |    6 ++
 pgpool.conf.sample              |   10 ++
 pgpool.conf.sample-master-slave |    9 ++
 pgpool.conf.sample-replication  |    9 ++
 pool.h                          |   24 +++++
 pool_config.c                   |   50 +++++++++++
 pool_ssl.c                      |  180 +++++++++++++++++++++++++++++++++++++++
 pool_stream.c                   |   30 ++++++-
 11 files changed, 339 insertions(+), 24 deletions(-)
 create mode 100644 pool_ssl.c


