On Wed, Jan 28, 2015 at 10:13 AM, Heikki Linnakangas <hlinnakan...@vmware.com> wrote: > Here's a patch to implement the above scheme. It adds four functions to > libpq, to interrogate the SSL status: > > int PQsslInUse(const PGconn *conn) > Returns true (1) if the connection uses SSL, false (0) if not. > > const char *PQsslAttribute(const PGconn *conn, const char *attribute_name) > Returns a piece of information. The list of attributes depends on the > implementation, but there are a few that are expected to be supported by all > of them. See docs for details. > > const char **PQsslAttributes(const PGconn *conn); > Return an array of SSL attribute names available. > > void *PQsslStruct(const PGconn *conn, const char *struct_name) > Return a pointer to an SSL-implementation specific object describing the > connection. PQsslStruct(conn, "OpenSSL SSL") is equivalent to > PQgetssl(conn). > > I think this is expandable enough, because you can easily add attributes > later on, and different implementations can support different attributes. It > contains the escape hatch for applications that need to do more, and have > intimate knowledge of OpenSSL structs. It's also pretty easy to use.
I like it! Although I think "OpenSSL SSL" is a little bit duplicatively redundant. Why not just "OpenSSL"? -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
