authorHeikki Linnakangas <heikki.linnakangas@iki.fi>2014-08-11 11:54:19 +0300
committerHeikki Linnakangas <heikki.linnakangas@iki.fi>2014-08-11 11:54:19 +0300
commit680513ab79c7e12e402a2aad7921b95a25a4bcc8 (patch)
treec2a5b1debb5599ae4a3522be921a78a6f1cf35c3 /src/interfaces/libpq/fe-connect.c
parent6aa61580e08d58909b2a8845a4087b7699335ee0 (diff)
Break out OpenSSL-specific code to separate files.
This refactoring is in preparation for adding support for other SSL implementations, with no user-visible effects. There are now two #defines, USE_OPENSSL which is defined when building with OpenSSL, and USE_SSL which is defined when building with any SSL implementation. Currently, OpenSSL is the only implementation so the two #defines go together, but USE_SSL is supposed to be used for implementation-independent code. The libpq SSL code is changed to use a custom BIO, which does all the raw I/O, like we've been doing in the backend for a long time. That makes it possible to use MSG_NOSIGNAL to block SIGPIPE when using SSL, which avoids a couple of syscalls for each send(). Probably doesn't make much performance difference in practice - the SSL encryption is expensive enough to mask the effect - but it was a natural result of this refactoring. Based on a patch by Martijn van Oosterhout from 2006. Briefly reviewed by Alvaro Herrera, Andreas Karlsson, Jeff Janes.
Diffstat (limited to 'src/interfaces/libpq/fe-connect.c')
-rw-r--r--src/interfaces/libpq/fe-connect.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index 540426cbe96..b0b0e1a6431 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -1961,7 +1961,7 @@ keep_going: /* We will come back to here until there is
conn->allow_ssl_try = false;
}
if (conn->allow_ssl_try && !conn->wait_ssl_try &&
- conn->ssl == NULL)
+ !conn->ssl_in_use)
{
ProtocolVersion pv;
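Review bot: The guard `!conn->ssl_in_use` now depends on a flag that has to be cleared by hand, where the old `conn->ssl == NULL` test followed the pointer automatically once the TLS object was released. The places that set and clear the flag are not in this file's diff, so it is worth confirming that the connection-close path resets `ssl_in_use` together with freeing the TLS state; if it stayed true across a retry on the same PGconn, this branch would presumably skip the SSL request packet. The same dependency applies to the `sslmode` "allow" retry check in the hunk at line 2310. A comment on the field's declaration such as `/* true from the start of TLS setup until the connection is closed; must be reset in the close path */` would record the invariant. The enclosing block starts before and continues after this hunk.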
@@ -2040,7 +2040,7 @@ keep_going: /* We will come back to here until there is
* On first time through, get the postmaster's response to our
* SSL negotiation packet.
*/
- if (conn->ssl == NULL)
+ if (!conn->ssl_in_use)
{
/*
* We use pqReadData here since it has the logic to
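Review bot: In the `if (!conn->ssl_in_use)` test that guards reading the server's negotiation response, the flag doubles as a "response already consumed" marker, which its name does not suggest. For this to stay equivalent to the old pointer test, `ssl_in_use` presumably has to become true as soon as TLS setup starts rather than when the handshake completes; otherwise a re-entry while the handshake is waiting for I/O would read a further byte as if it were a negotiation response. The code that sets the flag is outside this diff, so this cannot be confirmed from here. I would extend the existing comment with `* (ssl_in_use is set once TLS setup begins, so handshake re-entries skip this read.)`. The block continues past the end of the hunk.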
@@ -2310,7 +2310,7 @@ keep_going: /* We will come back to here until there is
* connection already, then retry with an SSL connection
*/
if (conn->sslmode[0] == 'a' /* "allow" */
- && conn->ssl == NULL
+ && !conn->ssl_in_use
&& conn->allow_ssl_try
&& conn->wait_ssl_try)
{
@@ -2709,6 +2709,7 @@ makeEmptyPGconn(void)
#ifdef USE_SSL
conn->allow_ssl_try = true;
conn->wait_ssl_try = false;
+ conn->ssl_in_use = false;
#endif
/*