with be-secure.c.

applications don't need the SSL headers.

Martijn van Oosterhout

In the SSL code in libpq it does some processing with DH parameters:

SSL_CTX_set_tmp_dh_callback()

This function is marked as server use only[1], the client always uses
the DH parameters in the server, so all the code in the client dealing
with the DH parameters is useless. This patch removes it.

It's not clear why the code was added in the first place, it's been
there almost since the beginning[2]. At the time there was a suggestion
of merging the front-end and backend SSL code, but looking at the
changes since, that seems unlikely.

As a further example, the s_server program allows you to specify DH
params, but s_client doesn't. In the GnuTLS documentation under
gnutls_dh_params_generate2() it says[3]:

  Also note that the DH parameters are only useful to servers. Since
  clients use the parameters sent by the server, it's of no use to call
  this in client side.

provided by configure, instead.  Per bug #2205.

PQregisterThreadLock().

I also remove the crypt() mention in the libpq threading section and
added a single sentence in the client-auth manual page under crypt().
Crypt authentication is so old now that a separate paragraph about it
seemed unwise.

I also added a comment about our use of locking around pqGetpwuid().

Windows. The test itself is bypassed in configure as discussed, and
libpq has been updated appropriately to allow it to build in thread-safe
mode.

Dave Page

since st_ino can't be trusted on that platform.  Per report from T.J.

from our long-established standard.

discussion on pgsql-hackers-win32 list.  Documentation still needs to
be tweaked --- I'm not sure how to refer to the APPDATA folder in
user documentation.

consistent.  On Unix we now always consult getpwuid(); $HOME isn't used
at all.  On Windows the code currently consults $USERPROFILE, or $HOME
if that's not defined, but I expect this will change as soon as the win32
hackers come to a consensus.  Nothing done yet about changing the file
names used underneath $USERPROFILE.

subroutine that can hide platform dependencies.  The WIN32 path is still
a stub, but I await a fix from one of the win32 hackers.
Also clean up unnecessary #ifdef WIN32 ugliness in a couple of places.

Tag appropriate files for rc3

Also performed an initial run through of upgrading our Copyright date to
extend to 2005 ... first run here was very simple ... change everything
where: grep 1996-2004 && the word 'Copyright' ... scanned through the
generated list with 'less' first, and after, to make sure that I only
picked up the right entries ...

handling in SIGPIPE processing; avoid unnecessary pollution of application
link-symbol namespace; spell 'pointer to function' in the conventional
way.

calling applications.  This is done by blocking sigpipe in the libpq
thread and using sigpending/sigwait to possibily discard any sigpipe we
generated.

postgresql.crt file simply isn't there, too.

free operations in client_cert_cb --- openssl will also attempt to free
these structures, resulting in core dumps.

Magnus Hagander

structures plus pointers used by the structure.

This greatly helps threaded libpq programs.

in open_client_SSL, surely we should do it everywhere.  Also make
message formatting conform to style guide.

stands a chance of looking it up.  "Unrecognised error" is always
disheartening.  :-)

Dominic Mitchell

Always create thread-specific variable.