diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2010-02-25 23:45:04 +0000 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2010-02-25 23:45:04 +0000 |
| commit | 118e1cbec2d3e21a546caba9926e172964a9cb78 (patch) | |
| tree | 9ebdef8da9e3b31d26d5c319e1e70a127918ab74 /src/backend/libpq/be-secure.c | |
| parent | 739898dc3b300025ebc8d352648e191db5c9b82c (diff) | |
Back-patch addition of ssl_renegotiation_limit into 7.4 through 8.1.
Diffstat (limited to 'src/backend/libpq/be-secure.c')
| -rw-r--r-- | src/backend/libpq/be-secure.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c index 851163b8866..5254ba081ee 100644 --- a/src/backend/libpq/be-secure.c +++ b/src/backend/libpq/be-secure.c @@ -11,7 +11,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.56.4.5 2009/12/09 06:37:13 mha Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.56.4.6 2010/02/25 23:45:04 tgl Exp $ * * Since the server static private key ($DataDir/server.key) * will normally be stored unencrypted so that the database @@ -112,13 +112,14 @@ static void close_SSL(Port *); static const char *SSLerrmessage(void); #endif -#ifdef USE_SSL /* * How much data can be sent across a secure connection * (total in both directions) before we require renegotiation. + * Set to 0 to disable renegotiation completely. */ -#define RENEGOTIATION_LIMIT (512 * 1024 * 1024) +int ssl_renegotiation_limit; +#ifdef USE_SSL static SSL_CTX *SSL_context = NULL; #endif @@ -327,7 +328,7 @@ secure_write(Port *port, void *ptr, size_t len) { int err; - if (port->count > RENEGOTIATION_LIMIT) + if (ssl_renegotiation_limit && port->count > ssl_renegotiation_limit * 1024L) { SSL_set_session_id_context(port->ssl, (void *) &SSL_context, sizeof(SSL_context)); |