open-dsi
/
postgres
mirror of https://github.com/postgres/postgres
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
43915 Commits
38 Branches
669 Tags
734 MiB
 
 
 
 
 
 
Tag: Branch: Tree: 1761653bbb
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1761653bbb'
${ noResults }
postgres/src/backend/libpq
History
Robert Haas eaedf0df71
Update typedefs.list and re-run pgindent 		8 years ago
..
Makefile Support SCRAM-SHA-256 authentication (RFC 5802 and 7677). 9 years ago
README.SSL
auth-scram.c Update typedefs.list and re-run pgindent 8 years ago
auth.c Update typedefs.list and re-run pgindent 8 years ago
be-fsstubs.c Refactor permissions checks for large objects. 8 years ago
be-secure-openssl.c Support channel binding 'tls-unique' in SCRAM 8 years ago
be-secure.c Always use 2048 bit DH parameters for OpenSSL ephemeral DH ciphers. 9 years ago
crypt.c Don't allow logging in with empty password. 9 years ago
hba.c Fix some null pointer dereferences in LDAP auth code 8 years ago
ifaddr.c Replace most usages of ntoh[ls] and hton[sl] with pg_bswap.h. 8 years ago
pg_hba.conf.sample Rename "scram" to "scram-sha-256" in pg_hba.conf and password_encryption. 9 years ago
pg_ident.conf.sample
pqcomm.c Change TRUE/FALSE to true/false 8 years ago
pqformat.c Add more efficient functions to pqformat API. 8 years ago
pqmq.c Clean up shm_mq cleanup. 8 years ago
pqsignal.c Update copyright via script for 2017 9 years ago

README.SSL 

src/backend/libpq/README.SSL

SSL
===

>From the servers perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup





>From the clients perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

---------------------------------------------------------------------------