On 2014-08-11 09:11:08 +0000, Heikki Linnakangas wrote: > Break out OpenSSL-specific code to separate files. > > This refactoring is in preparation for adding support for other SSL > implementations, with no user-visible effects. There are now two #defines, > USE_OPENSSL which is defined when building with OpenSSL, and USE_SSL which > is defined when building with any SSL implementation. Currently, OpenSSL is > the only implementation so the two #defines go together, but USE_SSL is > supposed to be used for implementation-independent code. > > The libpq SSL code is changed to use a custom BIO, which does all the raw > I/O, like we've been doing in the backend for a long time. That makes it > possible to use MSG_NOSIGNAL to block SIGPIPE when using SSL, which avoids > a couple of syscall for each send(). Probably doesn't make much performance > difference in practice - the SSL encryption is expensive enough to mask the > effect - but it was a natural result of this refactoring. > > Based on a patch by Martijn van Oosterhout from 2006. Briefly reviewed by > Alvaro Herrera, Andreas Karlsson, Jeff Janes.
Any reason for the odd ordering of be_tls_write() in be-secure-openssl.c? It's: ssize_t be_tls_write(Port *port, void *ptr, size_t len) ... /* ------------------------------------------------------------ */ /* OpenSSL specific code */ /* ------------------------------------------------------------ */ ... static int my_sock_read(BIO *h, char *buf, int size) ... static int my_sock_write(BIO *h, const char *buf, int size) ... ... ssize_t be_tls_read(Port *port, void *ptr, size_t len) That doesn't really seem to make sense to me. Greetings, Andres Freund -- Andres Freund http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-committers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
