>> Those code fragments judge the return value from
>> SSL_read(). secure_read() retries when SSL_ERROR_WANT_READ *and*
>> SSL_ERROR_WANT_WRITE are returned. However, pqsecure_read() does not retry
>> on SSL_ERROR_WANT_READ. It seems they are not consistent. Comments?
> 
> There's no particular reason why they should be consistent, I think.
> The assumptions for nonblocking operation are different.

Ok. Thanks.

BTW, the usage of SSL_CTX_new() differs between the frontend and backend as
well.

fe-secure.c:            SSL_context = SSL_CTX_new(TLSv1_method());
be-secure.c:            SSL_context = SSL_CTX_new(SSLv23_method());

In my understanding, by using SSLv23_method() it is compatible with
the SSLv2, SSLv3, and TLSv1 protocols. So it seems there's no particular
reason to use TLSv1_method(). Am I missing something?
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp
