On Fri, Feb 18, 2011 at 10:42:20AM -0500, Andrew Dunstan wrote:
> Could we provide an abstraction layer over whatever SSL library is in
> use with things like read/write/poll? Maybe that's what you had in mind
> for the passthrough mode.
The suggested interface was as follows. It basically exposes the
read/write interface that libpq itself uses. Whether it's enough for all
uses I don't know, but it was extensible.
From the patch:
+ /* Get data about current TLS connection */
+ extern PGresult *PQgettlsinfo(PGconn *conn);
+ /* Tell libpq whether it needs to initialize OpenSSL */ extern void PQinitSSL(int do_init);
+ /* Tell libpq we're taking over the connection. After this, no normal
+ * queries may be sent anymore. When finished you may close the connection */
+ typedef PostgresPollingStatusType (*pq_read_func)( PGconn *conn, void *buf, int *len);
+ typedef PostgresPollingStatusType (*pq_write_func)( PGconn *conn, const void *buf, int *len);
+ typedef int (*pq_pending_func)( PGconn *conn );
+
+ typedef struct {
+ int len; /* Length of this structure, so users may determine if the
+ info they require is there. For backward compatability,
+ new members can only be added to the end. */
+ pq_read_func read;
+ pq_write_func write;
+ pq_pending_func pending;
+
+ /* char *ssllibname; Need not yet demonstrated. */
+ /* void *sslptr; */
+ } PQpassthrough;
+
+ /* The pointer returned in state must be freed with PQfreemem() */
+ extern int PQsetPassthrough(PGconn *conn, PQpassthrough **state );
+
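Review bot: The `int *len` parameter of `pq_read_func` and `pq_write_func` is undocumented. Nothing in the typedefs says whether it is in/out (buffer size on entry, bytes transferred on return) or how a partial transfer relates to the returned `PostgresPollingStatusType`, so a caller who guesses wrong will misjudge how much of `buf` is valid. Please add a comment on each typedef stating that contract, and document what `pq_pending_func` returns and the success/failure convention of the `int` returned by `PQsetPassthrough`. The comment "Tell libpq we're taking over the connection" sits above the typedefs rather than on `PQsetPassthrough`, which it appears to describe; moving it next to that declaration would keep the "no normal queries may be sent anymore" warning where callers will look for it. Minor: "compatability" in the struct comment should read "compatibility".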
--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/
> Patriotism is when love of your own people comes first; nationalism,
> when hate for people other than your own comes first.
> - Charles de Gaulle