SSL (patch 1)
From | Bear Giles |
---|---|
Subject | SSL (patch 1) |
Date | |
Msg-id | 200205241917.NAA25830@eris.coyotesong.com |
Responses | Re: SSL (patch 1) |
List | pgsql-patches |
First of many patches on SSL code. The first patch just sets the groundwork for future patches by pulling all SSL-specific (and by implication all secure session) code into two new files, be-secure.c and fe-secure.c.

These files also contain a temporary checklist of pending patches:

 * PATCH LEVEL
 *   milestone 1: fix basic coding errors
 *   [*] existing SSL code pulled out of existing files.
 *   [ ] SSL_get_error() after SSL_read() and SSL_write(),
 *       SSL_shutdown(), default to TLSv1.
 *
 *   milestone 2: provide endpoint authentication (server)
 *   [ ] client verifies server cert
 *   [ ] client verifies server hostname
 *
 *   milestone 3: improve confidentiality, support perfect forward secrecy
 *   [ ] use 'random' file, read from '/dev/urandom?'
 *   [ ] ephemeral DH keys, default values
 *
 *   milestone 4: provide endpoint authentication (client)
 *   [ ] server verifies client certificates
 *
 *   milestone 5: provide informational callbacks
 *   [ ] provide informational callbacks
 *
 *   other changes
 *   [ ] tcp-wrappers
 *   [ ] more informative psql

Finally, because of the large number of patches (instead of a monoblock patch) I'm managing them with CVS. Sorry about the $Id$ and $Header$ in the diff....

Bear