On Thu, Nov 05, 2009 at 08:48:47AM +0100, Raimon Fernandez wrote: > Where can I find the steps to start an SSL connection with PostgreSQL ? > > The config files, certificates, etc. etc. must follow the same rules for > the libpq specification ? You follow the conventions of whatever SSL library you use. >> heck, you have to be a glutton to want to use libssl from openssl... >> there's something like 158 APIs and very little documentation on how >> to properly use them > > Doy you mean there's no 'easy' way to start-up an SSL connection from a > TCP/IP socket to postgresql ???? Sure, open up the documentation for the SSL library you want to use and find the function that lets you pass a open file descriptior. This function will handle the SSL startup for you and give you a handle for further communication. Personally I find the GnuTLS API to be much saner than openssl, in which case you just do: gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) FileDescriptor); /* Perform the TLS handshake */ ret = gnutls_handshake (session); See this example: http://www.gnu.org/software/gnutls/manual/html_node/Simple-client-example-with-anonymous-authentication.html#Simple-client-example-with-anonymous-authentication Hope this helps, -- Martijn van Oosterhout <kleptog@xxxxxxxxx> http://svana.org/kleptog/ > Please line up in a tree and maintain the heap invariant while > boarding. Thank you for flying nlogn airlines.
Attachment:
signature.asc
Description: Digital signature
