With the attached patch, SSL will work over Unix-domain sockets. AFAICT, this
just works. However, I didn't find a way to sniff a Unix-domain socket.
How should we proceed with this?
--
Peter Eisentraut
http://developer.postgresql.org/~petere/
diff -ur ../cvs-pgsql/src/backend/postmaster/postmaster.c ./src/backend/postmaster/postmaster.c
--- ../cvs-pgsql/src/backend/postmaster/postmaster.c 2008-01-04 15:55:25.000000000 +0100
+++ ./src/backend/postmaster/postmaster.c 2008-01-04 16:44:35.000000000 +0100
@@ -1448,8 +1448,8 @@
char SSLok;
#ifdef USE_SSL
- /* No SSL when disabled or on Unix sockets */
- if (!EnableSSL || IS_AF_UNIX(port->laddr.addr.ss_family))
+ /* No SSL when disabled */
+ if (!EnableSSL)
SSLok = 'N';
else
SSLok = 'S'; /* Support for SSL */
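Review bot: The shortened comment `/* No SSL when disabled */` does not say that Unix-domain connections are now offered SSL, and nothing in this hunk lets an administrator require or refuse SSL for them. Presumably pg_hba.conf `local` records match these connections whether or not SSL was negotiated (the matching code is not part of this patch), so the server could not enforce encrypted or authenticated local connections; this should be confirmed and documented. I would write the comment as `/* No SSL when disabled; Unix-domain sockets are offered SSL just like TCP */`. The enclosing function starts and ends outside the hunk.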
diff -ur ../cvs-pgsql/src/interfaces/libpq/fe-connect.c ./src/interfaces/libpq/fe-connect.c
--- ../cvs-pgsql/src/interfaces/libpq/fe-connect.c 2008-01-04 15:55:31.000000000 +0100
+++ ./src/interfaces/libpq/fe-connect.c 2008-01-04 16:51:09.000000000 +0100
@@ -1261,11 +1261,6 @@
* If SSL is enabled and we haven't already got it running,
* request it instead of sending the startup message.
*/
- if (IS_AF_UNIX(conn->raddr.addr.ss_family))
- {
- /* Don't bother requesting SSL over a Unix socket */
- conn->allow_ssl_try = false;
- }
if (conn->allow_ssl_try && !conn->wait_ssl_try &&
conn->ssl == NULL)
{
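Review bot: Dropping the `IS_AF_UNIX` override means `allow_ssl_try` is left as the connection options set it, so every local-socket connection would presumably attempt an SSL handshake under the default sslmode (assuming the default still prefers SSL). That adds a handshake to each local connection without authenticating the server, since an opportunistic mode accepts a server that declines SSL. The protection against a process impersonating the server on the socket path only holds when the client both insists on SSL and verifies the server certificate. Consider keeping the skip unless SSL was explicitly required, roughly `if (IS_AF_UNIX(conn->raddr.addr.ss_family) && conn->sslmode[0] != 'r') conn->allow_ssl_try = false;` (to be checked against how sslmode is parsed earlier in this file). The enclosing function continues outside the hunk.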