It's today really hard to figure out if your SSL connection is
actually *using* SSL compression. This got extra hard when we the
default value started getting influenced by environment variables at
least on many platforms after the crime attacks. ISTM we should be
making this easier for the user.

Attached patch adds compression info at least to the header of the
psql banner, as that's very non-intrusive. I think this is a small
enough change, yet very useful, that we should squeeze it into 9.4
before the next beta. Not sure if it can be qualified enough of a bug
to backpatch further than that though.

As far as my research shows, the function
SSL_get_current_compression() which it uses was added in OpenSSL
0.9.6, which is a long time ago (stopped being maintained in 2004).
AFAICT even RHEL *3* shipped with 0.9.7. So I think we can safely rely
on it, especially since we only check for whether it returns NULL or


 Magnus Hagander
diff --git a/src/bin/psql/command.c b/src/bin/psql/command.c
index cede72a..b8a8e35 100644
--- a/src/bin/psql/command.c
+++ b/src/bin/psql/command.c
@@ -1800,8 +1800,9 @@ printSSLInfo(void)
 		return;					/* no SSL */
 	SSL_get_cipher_bits(ssl, &sslbits);
-	printf(_("SSL connection (protocol: %s, cipher: %s, bits: %d)\n"),
-		   SSL_get_version(ssl), SSL_get_cipher(ssl), sslbits);
+	printf(_("SSL connection (protocol: %s, cipher: %s, bits: %d, compression: %s)\n"),
+		   SSL_get_version(ssl), SSL_get_cipher(ssl), sslbits,
+		   SSL_get_current_compression(ssl) ? gettext_noop("yes") : gettext_noop("no"));
Sent via pgsql-hackers mailing list (
To make changes to your subscription:

Reply via email to