upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-04-10 11:37:33 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
postgresql/src/backend/libpq
History
Peter Eisentraut 4070489999 libpq: Use strerror_r instead of strerror 
Commit 453c468737 introduced a use of strerror() into libpq, but that
is not thread-safe.  Fix by using strerror_r() instead.

In passing, update some of the code comments added by 453c468737, as
we have learned more about the reason for the change in OpenSSL that
started this.

Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Discussion: Discussion: https://postgr.es/m/b6fb018b-f05c-4afd-abd3-318c649faf18@highgo.ca
2024-07-28 09:26:48 +02:00
..
auth-scram.c Fix buffer overflow when parsing SCRAM verifiers in backend 2019-06-17 21:48:17 +09:00
auth.c Avoid masking EOF (no-password-supplied) conditions in auth.c. 2024-01-03 17:40:38 -05:00
be-fsstubs.c Fix snapshot reference leak if lo_export fails. 2021-11-03 10:54:39 +02:00
be-gssapi-common.c Don't assume GSSAPI result strings are null-terminated. 2021-06-23 14:01:32 -04:00
be-secure-common.c Remove misguided SSL key file ownership check in libpq. 2022-05-26 14:14:05 -04:00
be-secure-gssapi.c Fix timing-dependent failure in GSSAPI data transmission. 2023-11-23 13:30:19 -05:00
be-secure-openssl.c libpq: Use strerror_r instead of strerror 2024-07-28 09:26:48 +02:00
be-secure.c Fix assorted issues in backend's GSSAPI encryption support. 2020-12-28 17:44:17 -05:00
crypt.c Fix detection of passwords hashed with MD5 or SCRAM-SHA-256 2019-04-23 15:43:21 +09:00
hba.c Raise fixed token-length limit in hba.c. 2023-07-27 12:07:48 -04:00
ifaddr.c Phase 2 pgindent run for v12. 2019-05-22 13:04:48 -04:00
Makefile GSSAPI encryption support 2019-04-03 15:02:33 -04:00
pg_hba.conf.sample gss: add missing references to hostgssenc and hostnogssenc 2020-05-25 20:19:28 -04:00
pg_ident.conf.sample Reformat the comments in pg_hba.conf and pg_ident.conf 2010-01-26 06:58:39 +00:00
pqcomm.c Disconnect if socket cannot be put into non-blocking mode 2024-03-12 10:18:54 +02:00
pqformat.c Fix more typos and inconsistencies in the tree 2019-06-17 16:13:16 +09:00
pqmq.c Update copyright for 2019 2019-01-02 12:44:25 -05:00
pqsignal.c In the postmaster, rely on the signal infrastructure to block signals. 2020-10-15 12:50:57 -04:00
README.SSL Move EDH support to common files 2018-01-23 07:11:38 -05:00

README.SSL 

src/backend/libpq/README.SSL

SSL
===

>From the servers perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup





>From the clients perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

---------------------------------------------------------------------------

Ephemeral DH
============

Since the server static private key ($DataDir/server.key) will
normally be stored unencrypted so that the database backend can
restart automatically, it is important that we select an algorithm
that continues to provide confidentiality even if the attacker has the
server's private key.  Ephemeral DH (EDH) keys provide this and more
(Perfect Forward Secrecy aka PFS).

N.B., the static private key should still be protected to the largest
extent possible, to minimize the risk of impersonations.

Another benefit of EDH is that it allows the backend and clients to
use DSA keys.  DSA keys can only provide digital signatures, not
encryption, and are often acceptable in jurisdictions where RSA keys
are unacceptable.

The downside to EDH is that it makes it impossible to use ssldump(1)
if there's a problem establishing an SSL session.  In this case you'll
need to temporarily disable EDH (see initialize_dh()).