[Pgpool-hackers] [PATCH] Preface for incoming SSL patch

Tatsuo Ishii ishii at sraoss.co.jp
Thu Jan 21 00:23:12 UTC 2010 

Sean,

This is great! I'll look into your patches. Thanks!
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp

> Hi again!
> 
> A few months back I broached the subject of getting SSL support into
> pgpool-II and it was agreed to be a desirable feature.  It got put on
> the backburner due to other projects (and then vacation, of course!),
> But I finally got around to revisiting this and have spent the last
> couple days hacking on this and have something to show, which should be
> immediately following this email.
> 
> I wouldn't call it a final product, but from some initial testing
> it seems to be working so I'd appreciate both code review and
> general testing of the new features.  In particular, there is no
> certificate checking/verification, nor are there settings similar to
> the sslmode={required,allowed,disabled} passed to psql.  These are both
> features I thought could be easily added on later.
> 
> Also note that the patch contains a change to configure.in (a boolean
> option --with-openssl to autodetect/enable/disable the support at
> build time), but it doesn't contain any changes to the autoconf/automake
> generated files (i had to run all three of autoreconf/libtoolize/automake
> here).  I'm not sure how you manage these files and it generates a lot
> of extra noise.
> 
> The --with-openssl flag could be improved to allow user-specified paths
> to OpenSSL installations, but my experience from other projects is that
> it's a bit messy to support the myriad of variations when it comes to
> how OpenSSL is installed "in the wild" (/usr/local/include/openssl vs.
> /usr/local/openssl/include, etc), so I've kept it simple for now.
> 
> The patch is based on the latest CVS repo (well, a local git mirror of
> your CVS repo, but I digress...).
> 
> And finally, regarding whitespace formatting, it's a bit inconsistant
> across the codebase but i've done my best to follow the surrounding code
> whereever possible.
> 
> So, please give me your feedback!
> 
> 	sean
> 
> 
> Sean Finney (1):
>   Add OpenSSL support for both frontend and backend connections
> 
>  Makefile.am                     |    2 +-
>  child.c                         |   24 +----
>  configure.in                    |   19 ++++
>  main.c                          |    6 ++
>  pgpool.conf.sample              |   10 ++
>  pgpool.conf.sample-master-slave |    9 ++
>  pgpool.conf.sample-replication  |    9 ++
>  pool.h                          |   24 +++++
>  pool_config.c                   |   50 +++++++++++
>  pool_ssl.c                      |  180 +++++++++++++++++++++++++++++++++++++++
>  pool_stream.c                   |   30 ++++++-
>  11 files changed, 339 insertions(+), 24 deletions(-)
>  create mode 100644 pool_ssl.c
> 
> _______________________________________________
> Pgpool-hackers mailing list
> Pgpool-hackers at pgfoundry.org
> http://pgfoundry.org/mailman/listinfo/pgpool-hackers

More information about the Pgpool-hackers mailing list