[Pgpool-hackers] [PATCH] Preface for incoming SSL patch
Tatsuo Ishii
ishii at sraoss.co.jp
Thu Jan 21 00:23:12 UTC 2010
Sean,
This is great! I'll look into your patches. Thanks!
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp
> Hi again!
>
> A few months back I broached the subject of getting SSL support into
> pgpool-II and it was agreed to be a desirable feature. It got put on
> the backburner due to other projects (and then vacation, of course!),
> But I finally got around to revisiting this and have spent the last
> couple days hacking on this and have something to show, which should be
> immediately following this email.
>
> I wouldn't call it a final product, but from some initial testing
> it seems to be working so I'd appreciate both code review and
> general testing of the new features. In particular, there is no
> certificate checking/verification, nor are there settings similar to
> the sslmode={required,allowed,disabled} passed to psql. These are both
> features I thought could be easily added on later.
>
> Also note that the patch contains a change to configure.in (a boolean
> option --with-openssl to autodetect/enable/disable the support at
> build time), but it doesn't contain any changes to the autoconf/automake
> generated files (i had to run all three of autoreconf/libtoolize/automake
> here). I'm not sure how you manage these files and it generates a lot
> of extra noise.
>
> The --with-openssl flag could be improved to allow user-specified paths
> to OpenSSL installations, but my experience from other projects is that
> it's a bit messy to support the myriad of variations when it comes to
> how OpenSSL is installed "in the wild" (/usr/local/include/openssl vs.
> /usr/local/openssl/include, etc), so I've kept it simple for now.
>
> The patch is based on the latest CVS repo (well, a local git mirror of
> your CVS repo, but I digress...).
>
> And finally, regarding whitespace formatting, it's a bit inconsistant
> across the codebase but i've done my best to follow the surrounding code
> whereever possible.
>
> So, please give me your feedback!
>
> sean
>
>
> Sean Finney (1):
> Add OpenSSL support for both frontend and backend connections
>
> Makefile.am | 2 +-
> child.c | 24 +----
> configure.in | 19 ++++
> main.c | 6 ++
> pgpool.conf.sample | 10 ++
> pgpool.conf.sample-master-slave | 9 ++
> pgpool.conf.sample-replication | 9 ++
> pool.h | 24 +++++
> pool_config.c | 50 +++++++++++
> pool_ssl.c | 180 +++++++++++++++++++++++++++++++++++++++
> pool_stream.c | 30 ++++++-
> 11 files changed, 339 insertions(+), 24 deletions(-)
> create mode 100644 pool_ssl.c
>
> _______________________________________________
> Pgpool-hackers mailing list
> Pgpool-hackers at pgfoundry.org
> http://pgfoundry.org/mailman/listinfo/pgpool-hackers
More information about the Pgpool-hackers
mailing list