handle multiple 'formats' for data I/O.  Restructure CommandDest and
DestReceiver stuff one more time (it's finally starting to look a bit
clean though).  Code now matches latest 3.0 protocol document as far
as message formats go --- but there is no support for binary I/O yet.

it, and map that to close() on Unix.

have length words.  COPY OUT reimplemented per new protocol: it doesn't
need \. anymore, thank goodness.  COPY BINARY to/from frontend works,
at least as far as the backend is concerned --- libpq's PQgetline API
is not up to snuff, and will have to be replaced with something that is
null-safe.  libpq uses message length words for performance improvement
(no cycles wasted rescanning long messages), but not yet for error
recovery.

have length counts, and COPY IN data is packetized into messages.

with variable-width fields.  No more truncation of long user names.
Also, libpq can now send its environment-variable-driven SET commands
as part of the startup packet, saving round trips to server.

config files are present on one pass and not present on a later pass.

remove useless SockAddr_ntop() call.  Per report from Andreas Pflug.

machines without IPv6.  Or at least it works on HPUX 10.20 ...

function if the OS doesn't provide one.

SSL_read/write can error needing ERROR_WANT_READ or ERROR_WANT_WRITE.

typing error in src/backend/libpq/be-secure.c ???

Long Description
In src/backend/libpq/be-secure.c: secure_write
on SSL_ERROR_WANT_WRITE call secure_read instead
secure_write again. May be is this a typing error?

Sergey N. Yatskevich (syatskevich@n21lab.gosniias.msk.ru)

Neil Conway

in the SO_PEERCRED case. elif is misspelled as elsif for the test.
A patch is attached.

Bruno Wolff III

SIGPIPE disabled, and does not need to waste two syscalls per I/O on it.

Curious that gcc doesn't complain about unreferenced static variables.

of the socket file and socket lock file; this should prevent both of them
from being removed by even the stupidest varieties of /tmp-cleaning
script.  Per suggestion from Giles Lean.

interfaces.

believe I didn't notice this before -- once 64k was sent to/from the
server the client would crash.  Basicly, in 7.3 the server SSL code set
the initial state to "about to renegotiate" without actually starting
the renegotiation.  In addition, the server and client didn't properly
handle the SSL_ERROR_WANT_(READ|WRITE) error.  This is fixed in the
second patch.

Nathan Mueller

first, that I missed when checking over 7.3.1, was that the client
method was switched to SSLv23 along with the server.  The SSLv23 client
method does SSLv2 by default, but can also understand SSLv3.  In our
situation the SSLv2 backwords compatibility is really only needed on the
server.  This is the first patch.

The last thing is that I found a way for the server to understand SSLv2
HELLO messages (sent by pre-7.3 clients) but then get them to talk
SSLv3.  This is the last one.

Nathan Mueller

if the OS supports it.  Code will still compile on non-IPv6-aware
machines (feature added by Bruce).

Nigel Kukard

From the SSL_CTX_new man page:

"SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)

 A TLS/SSL connection established with these methods will understand the SSLv2,
 SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages
 and will indicate that it also understands SSLv3 and TLSv1. A server will
 understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best
 choice when compatibility is a concern."

This will maintain backwards compatibility for those us that don't use
TLS connections ...

failing to find pg_hba.conf should be a fatal error anyway, so I
increased the priority of the elog() from LOG to FATAL and refactored
the code a little bit.

Neil Conway

pqcomm.c, switched the ERROR logs to COMMERROR logs and it all works.
I've attached a patch to be-secure.c that fixes all my problems.

Nathan Mueller

returned -1, per SSL_get_error() documentation.

Nathan Mueller

report from Oliver Elphick.

Backpatch to 7.3.