sl.h header though,
> libpq-openssl.h?
Perhaps ssloptions.[ch], unless you plan to add non-option-related code
there later?
BTW, there is no Regent code in your openssl.c, so the copyright
statement is incorrect.
DES
--
Dag-Erling Smørgrav - d...@des.no
--
Sent via pgsql-hackers mailing list (pg
Alex Shulgin writes:
> I can do that too, just need a hint where to look at in libpq/psql to
> add the option.
The place to *enforce* the option is src/interfaces/libpq/fe-secure.c
(look for SSLv23_method() and SSL_CTX_set_options()). I haven't looked
into how to set it.
DES
--
stage anyway, we
> should reject early.
It's not really "early or late", but rather "within the loop or at the
end of it". From the users' perspective, the difference is that they
get (to paraphrase) "SSLv2 is not allowed" instead of "syntax error"
ibpq side as suggested in the
> original discussion might help here.
I can easily do that, but I won't have time until next week or so.
DES
--
Dag-Erling Smørgrav - d...@des.no
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http:
LSv1.2 | md5
26c375b6bdefb018b9dd7df463658320
Thus, if you disable all SSL 3.0 ciphers, you also disable TLS 1.0.
DES
--
Dag-Erling Smørgrav - d...@des.no
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
're planning to
backport 1.1 and 1.2 (which I seriously doubt).
DES
--
Dag-Erling Smørgrav - d...@des.no
Martijn van Oosterhout writes:
> Dag-Erling Smørgrav writes:
> > Martijn van Oosterhout writes:
> > > Since you can already specify the cipher list, couldn't you just
> > > add -SSLv3 to the cipher list and be done?
> > I didn't want to change the exis
Martijn van Oosterhout writes:
> Dag-Erling Smørgrav writes:
> > If I understand correctly, imaps has been shown to be vulnerable as
> > well, so I wouldn't be so sure.
> Reference?
Sorry, no reference. I was told that Thunderbird was vulnerable to
POODLE when talking
Magnus Hagander writes:
> Yes, it does that. Though it only does it on 9.4, but with the facts we
> know now, what 9.4+ does is perfectly safe.
Agreed.
DES
--
Dag-Erling Smørgrav - d...@des.no
find a weakness in TLS 1.1 which is not
present in 1.0 because it involves a specific algorithm or mode that 1.0
does not support.
DES
--
Dag-Erling Smørgrav - d...@des.no
s
*no other choice* for an application than to explicitly select which
protocols it wants to use (or at least which protocols it wants to
avoid). And you can't change OpenSSL, because a ton of old crappy
software is going to break.
DES
--
Dag-Erling Smørgrav - d...@des.no
is incomplete if we do want to do it.
I can update the patch to include the client side.
DES
--
Dag-Erling Smørgrav - d...@des.no
rable due to specific details of its
protocol or how it uses TLS, but that's a gamble which you will
eventually lose.
> Moreover, the GUC could easily be misused to decrease rather than increase
> one's security, if it's carelessly set.
That's the user's responsi
easier for everyone if a POODLE-like vulnerability
is discovered in TLS.
> You should as well register your patch to the current commit fest, I
> think you are still in time:
> https://commitfest.postgresql.org/action/commitfest_view?id=24
Thanks for reminding me.
DES
--
Dag-Erli
elog(FATAL, "invalid SSL protocol list");
+ switch (action) {
+ case '+':
+ result |= current;
+ break;
+ case '-':
+ result &= ~current;
+ break;
+ default:
+ result = current;
+ break;
+ }
+ }
+ /* forcibly disallow SSLv2 */
+ if (result & SSL_PROTO_SS
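Review bot: in the `default:` arm of `switch (action)`, an entry with no `+` or `-` prefix does `result = current;`, which throws away everything the earlier entries accumulated, including any `-` exclusions that came before it. Please either document in the setting's description that an unprefixed entry resets the set, or accept an unprefixed entry only as the first item and report later ones through the same `elog(FATAL, "invalid SSL protocol list")` path, so that a misordered list fails loudly instead of quietly widening the allowed protocols.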
atically linked binaries are much easier to distribute, for one;
and there are platforms where shared libraries simply do not exist, or
where the entire system runs in a single namespace. Netware is still
alive and kicking.
DES
--
Dag-Erling Smørgrav - d...@des.no
as if the entire thing had been a single C file with some of
the functions declared as static. However, when you do that, you lose
an important advantage of static libraries: the ability to link only
what you need.
DES
--
Dag-Erling Smørgrav - d...@des.no
Tom Lane writes:
> "Dag-Erling Smørgrav" writes:
> > Without this patch, pg_ctl fails to build...
> It builds for everybody else (and we do have multiple mingw machines in
> the buildfarm, so it's not like this doesn't get tested). I think there
> is so
eed to do is teach the mingw build path how
> to respect the exports list for libpq?
If that works, I'm all for it. I have no idea how to do it, though.
DES
--
Dag-Erling Smørgrav - d...@des.no
Magnus Hagander writes:
> Dag-Erling Smørgrav writes:
> > Your users might need to link with both. I'm working on an
> > application that generates animations (specifically, animated
> > weather forecasts) based on data retrieved from a PostgreSQL
> > database.
Tom Lane writes:
> "Dag-Erling Smørgrav" writes:
> > 1. PostgreSQL's private versions of inet_aton etc. can conflict with
> > similar functions in other libraries (in my case, PostgreSQL's
> > inet_aton conflicts with libavformat's).
> So
bin/pg_config all install
DES
--
Dag-Erling Smørgrav - d...@des.no
--- src/include/port.h.orig 2009-11-14 16:39:41.0 +0100
+++ src/include/port.h 2010-03-10 13:17:27.0 +0100
@@ -337,6 +337,7 @@
* When necessary, these routines are provided by files in src/port/.
*/
#ifndef
't enough. Google has tons of hits for articles and RDBMS reviews
that mention SuperSmack, but no hits for the actual software.
DES
--
Dag-Erling Smørgrav - [EMAIL PROTECTED]
---(end of broadcast)---
TIP 8: explain analyze is your friend
tore,
and I understand 7.4 is already in feature freeze, the earliest
opportunity for something like this would be 7.5.
DES
--
Dag-Erling Smørgrav - [EMAIL PROTECTED]
rigger test_id_always_default before insert on test for each row
execute procedure force_default_value ('id');
| ERROR: function force_default_value() does not exist
Any suggestions?
DES
--
Dag-Erling Smørgrav - [EMAIL PROTECTED]
Index: src/backend/parser/analyze.c
==
w.word );
CREATE RULE
des=# insert into test ( id, word ) values ( 42, 'hello' );
ERROR: infinite recursion detected in rules for relation "test"
des=# insert into test ( word ) values ( 'hello' );
ERROR: infinite recursion detected in rules for relation "
ssion_Documents/FCD/4FCD1-02-Foundation-2002-01.pdf
I believe this is more up to date:
ftp://sqlstandards.org/SC32/WG3/Progression_Documents/FDIS/4FDIS1-02-Foundation-2003.pdf
DES
--
Dag-Erling Smørgrav - [EMAIL PROTECTED]