Re: libpq compression

Поиск
Список
Период
Сортировка
От Alvaro Herrera
Тема Re: libpq compression
Дата
Msg-id 1340204219-sup-2061@alvh.no-ip.org
обсуждение исходный текст
Ответ на Re: libpq compression  (Florian Pflug <fgp@phlo.org>)
Ответы Re: libpq compression  (Tom Lane <tgl@sss.pgh.pa.us>)
Список pgsql-hackers
Дерево обсуждения 
Excerpts from Florian Pflug's message of mié jun 20 06:35:29 -0400 2012:
> On Jun19, 2012, at 17:36 , Robert Haas wrote:
> > On Mon, Jun 18, 2012 at 1:42 PM, Martijn van Oosterhout
> > <kleptog@svana.org> wrote:
> >> On Sun, Jun 17, 2012 at 12:29:53PM -0400, Tom Lane wrote:
> >>> The fly in the ointment with any of these ideas is that the "configure
> >>> list" is not a list of exact cipher names, as per Magnus' comment that
> >>> the current default includes tests like "!aNULL".  I am not sure that
> >>> we know how to evaluate such conditions if we are applying an
> >>> after-the-fact check on the selected cipher.  Does OpenSSL expose any
> >>> API for evaluating whether a selected cipher meets such a test?
> >>
> >> I'm not sure whether there's an API for it, but you can certainly check
> >> manually with "openssl ciphers -v", for example:
> >>
> >> $ openssl ciphers -v 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'
> >> NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
> >> NULL-MD5                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=MD5
> >>
> >> ...etc...
> >>
> >> So unless the openssl includes the code twice there must be a way to
> >> extract the list from the library.
> >
> > There doubtless is, but I'd being willing to wager that you won't be
> > able to figure out the exact method without reading the source code
> > for 'opennssl ciphers' to see how it was done there, and most likely
> > you'll find that at least one of the functions they use has no man
> > page.  Documentation isn't their strong point.
>
> Yes, unfortunately.

I looked at the code (apps/ciphers.c) and it looks pretty easy to obtain
the list of ciphers starting from the stringified configuration
parameter and iterate on them.  The problem is figuring out whether any
given cipher meets some criteria; all the stuff that the command prints
after the cipher name comes from a "get cipher description" API call and
it doesn't look like there's any simple way of getting the individual
bits in some better form (assuming we don't want to parse the
description string).

Now if the cipher name is enough for whatever it is that we want, then
that looks easy.

--
Álvaro Herrera <alvherre@commandprompt.com>
The PostgreSQL Company - Command Prompt, Inc.
PostgreSQL Replication, Consulting, Custom Development, 24x7 support

В списке pgsql-hackers по дате отправления:

Предыдущее
От: David Fetter
Дата:
Сообщение: Nasty, propagating POLA violation in COPY CSV HEADER
Следующее
От: Tom Lane
Дата:
Сообщение: Re: Allow WAL information to recover corrupted pg_controldata