upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-03-15 23:22:18 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
postgresql/src/backend/libpq
History
Magnus Hagander 3276ca303d Properly close token in sspi authentication 
We can never leak more than one token, but we shouldn't do that. We
don't bother closing it in the error paths since the process will
exit shortly anyway.

Christian Ullrich
2016-01-14 13:07:20 +01:00
..
auth.c Properly close token in sspi authentication 2016-01-14 13:07:20 +01:00
be-fsstubs.c Update copyright for 2015 2015-01-06 11:43:47 -05:00
be-secure-openssl.c Remove ssl renegotiation support. 2015-07-28 22:06:31 +02:00
be-secure.c Remove ssl renegotiation support. 2015-07-28 22:06:31 +02:00
crypt.c Don't allow immediate interrupts during authentication anymore. 2015-02-03 22:54:48 +01:00
hba.c Set include_realm=1 default in parse_hba_line 2015-11-06 11:18:33 -05:00
ip.c Remove code to match IPv4 pg_hba.conf entries to IPv4-in-IPv6 addresses. 2015-02-17 12:49:18 -05:00
Makefile Support frontend-backend protocol communication using a shm_mq. 2014-10-31 12:02:40 -04:00
md5.c Update copyright for 2015 2015-01-06 11:43:47 -05:00
pg_hba.conf.sample Remove support for native krb5 authentication 2014-01-19 17:05:01 +01:00
pg_ident.conf.sample Reformat the comments in pg_hba.conf and pg_ident.conf 2010-01-26 06:58:39 +00:00
pqcomm.c Message improvements 2015-11-16 21:16:42 -05:00
pqformat.c Update copyright for 2015 2015-01-06 11:43:47 -05:00
pqmq.c Don't send protocol messages to a shm_mq that no longer exists. 2015-10-16 09:49:08 -04:00
pqsignal.c Update copyright for 2015 2015-01-06 11:43:47 -05:00
README.SSL Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00

README.SSL 

src/backend/libpq/README.SSL

SSL
===

>From the servers perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup





>From the clients perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

---------------------------------------------------------------------------