|
Hello!
The PostgreSQL doc says that if the application code is initializing OpenSSL, it should tell PostgreSQL libpq client library that OpenSSL initialization is already done:
I was wondering if this is still true with OpenSSL 1.1.0+
The APIs to initialize OpenSSL are OPENSSL_init_ssl() or OPENSSL_init_crypto().
According to the OpenSSL doc, version 1.1.0 initializes itself automatically when calling other APIs ...
As of version 1.1.0 OpenSSL will automatically allocate all resources that it needs so no explicit initialisation is required. Similarly it will also automatically deinitialise as required.
So, is a call to PQinitOpenSSL(0, 0) still needed?
I did some test with our application, and I could establish a TLS/SSL connection using server and client certificates.
What can go wrong in fact?
Can someone give me a hint, so I can prove that we really need to call PQinitOpenSSL(0,0)?
Note: Our application is for now single-threaded.
OpenSSL doc also states:
However, there may be situations when explicit initialisation is desirable or needed, for example when some nondefault initialisation is required.
If our application would requires nondefault initialization, I assume that PostgreSQL openssl usage will implicitly inherit the OpenSSL seetings of our application, right?
Can this be an issue for PostgreSQL, or can both just share the same OpenSSL settings/config?
Thanks!
Seb
|
