I can certainly understand your motivation, and OpenSSL does seem to
want this cleared up in a new release. I'm nothing of a cryptographer,
so I'm just placing my trust in the simple mechanisms supplied with
the OpenSSL distribution.
Still, it's kind of a shame that PostgresQL's client library can't,
at present, be used with OpenSSL support on platforms not specifically
patched or augmented to provide /dev/?random. For example, because my
application specifically requires encryption, I'll need to continue to
apply my modification to my own builds. Yet it's an OpenSSL issue, not a
Postgres one. Would you feel it might be worth providing a compile-time
option? Perhaps it may be one that's sensitive to the OpenSSL version,
since it should be fixed eventually. It's kind of a workaround-style
approach, but it does deliver more utility to users who might not know
how to solve the problem otherwise.
On the other hand, I do understand the want and need to keep the code
base free of cruft-- it's not worth addressing every situation at the
expense of maintainability. I'm able to address this locally, so my
wheels aren't stuck in it.
Again, many, many thanks to everybody whose effort and intellect has
produced this fabulous product!
On Sun, Jan 20, 2002 at 01:00:50AM -0500, Tom Lane wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > Did we come to a concusion on this?
>
> My opinion is "wait and see if OpenSSL fixes their problem".
>
> regards, tom lane
--
Jonathan Marks
Systems Administrator, Production Systems Group
Computing and Communication Services Office
University of Illinois at Urbana-Champaign