[Pgpool-hackers] [PATCH] Preface for incoming SSL patch

Tatsuo Ishii ishii at sraoss.co.jp
Tue Jan 26 14:55:22 UTC 2010 

Thanks. I have committed your patches with minor modifications.

- Adjust configure.in so that it defaults to non SSL support. Problem
  is, if we make it default to use SSL when ssl.h and libpq does not
  support SSL, pgpool build fail.

- Change indentation of pool_ssl.c to standard pgpool-II style (it is
  inherited from PostgreSQL).

- Modify pool_config.l rather than pool_config.c.
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp

> Hi again!
> 
> A few months back I broached the subject of getting SSL support into
> pgpool-II and it was agreed to be a desirable feature.  It got put on
> the backburner due to other projects (and then vacation, of course!),
> But I finally got around to revisiting this and have spent the last
> couple days hacking on this and have something to show, which should be
> immediately following this email.
> 
> I wouldn't call it a final product, but from some initial testing
> it seems to be working so I'd appreciate both code review and
> general testing of the new features.  In particular, there is no
> certificate checking/verification, nor are there settings similar to
> the sslmode={required,allowed,disabled} passed to psql.  These are both
> features I thought could be easily added on later.
> 
> Also note that the patch contains a change to configure.in (a boolean
> option --with-openssl to autodetect/enable/disable the support at
> build time), but it doesn't contain any changes to the autoconf/automake
> generated files (i had to run all three of autoreconf/libtoolize/automake
> here).  I'm not sure how you manage these files and it generates a lot
> of extra noise.
> 
> The --with-openssl flag could be improved to allow user-specified paths
> to OpenSSL installations, but my experience from other projects is that
> it's a bit messy to support the myriad of variations when it comes to
> how OpenSSL is installed "in the wild" (/usr/local/include/openssl vs.
> /usr/local/openssl/include, etc), so I've kept it simple for now.
> 
> The patch is based on the latest CVS repo (well, a local git mirror of
> your CVS repo, but I digress...).
> 
> And finally, regarding whitespace formatting, it's a bit inconsistant
> across the codebase but i've done my best to follow the surrounding code
> whereever possible.
> 
> So, please give me your feedback!
> 
> 	sean
> 
> 
> Sean Finney (1):
>   Add OpenSSL support for both frontend and backend connections
> 
>  Makefile.am                     |    2 +-
>  child.c                         |   24 +----
>  configure.in                    |   19 ++++
>  main.c                          |    6 ++
>  pgpool.conf.sample              |   10 ++
>  pgpool.conf.sample-master-slave |    9 ++
>  pgpool.conf.sample-replication  |    9 ++
>  pool.h                          |   24 +++++
>  pool_config.c                   |   50 +++++++++++
>  pool_ssl.c                      |  180 +++++++++++++++++++++++++++++++++++++++
>  pool_stream.c                   |   30 ++++++-
>  11 files changed, 339 insertions(+), 24 deletions(-)
>  create mode 100644 pool_ssl.c
> 
> _______________________________________________
> Pgpool-hackers mailing list
> Pgpool-hackers at pgfoundry.org
> http://pgfoundry.org/mailman/listinfo/pgpool-hackers

More information about the Pgpool-hackers mailing list