authorTom Lane <tgl@sss.pgh.pa.us>2010-02-25 23:45:29 +0000
committerTom Lane <tgl@sss.pgh.pa.us>2010-02-25 23:45:29 +0000
commit8b33d83cc59d38a83f7cd4abe7738835e24f8624 (patch)
treeffdbdc8ce42fe501d2fe7778b512681645fedf21 /src/backend/libpq/be-secure.c
parenta0b3d52af13631cff4af7cb407d45e3ed5b3e81c (diff)
Back-patch addition of ssl_renegotiation_limit into 7.4 through 8.1.
Diffstat (limited to 'src/backend/libpq/be-secure.c')
-rw-r--r--src/backend/libpq/be-secure.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c
index 589424c6dd4..42f62caff0d 100644
--- a/src/backend/libpq/be-secure.c
+++ b/src/backend/libpq/be-secure.c
@@ -11,7 +11,7 @@
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.43.2.6 2009/12/09 06:37:09 mha Exp $
+ * $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.43.2.7 2010/02/25 23:45:28 tgl Exp $
*
* Since the server static private key ($DataDir/server.key)
* will normally be stored unencrypted so that the database
@@ -112,14 +112,16 @@ static void close_SSL(Port *);
static const char *SSLerrmessage(void);
#endif
-#ifdef USE_SSL
/*
* How much data can be sent across a secure connection
* (total in both directions) before we require renegotiation.
+ * Set to 0 to disable renegotiation completely.
*/
-#define RENEGOTIATION_LIMIT (512 * 1024 * 1024)
+int ssl_renegotiation_limit;
+
#define CA_PATH NULL
+#ifdef USE_SSL
static SSL_CTX *SSL_context = NULL;
#endif
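Review bot: The comment above `int ssl_renegotiation_limit;` does not state the unit, while the use site in secure_write multiplies the value by `1024L`, so the setting is evidently in kilobytes. I would extend the added comment line to `* Value is in kilobytes; set to 0 to disable renegotiation completely.` The variable also has no initializer, so it is zero (renegotiation off) until something assigns it. Presumably the GUC table supplies the boot value, but that file is not in this diff, so confirm that the effective default is not silently "disabled".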
@@ -318,7 +320,7 @@ secure_write(Port *port, void *ptr, size_t len)
#ifdef USE_SSL
if (port->ssl)
{
- if (port->count > RENEGOTIATION_LIMIT)
+ if (ssl_renegotiation_limit && port->count > ssl_renegotiation_limit * 1024L)
{
SSL_set_session_id_context(port->ssl, (void *) &SSL_context,
sizeof(SSL_context));
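Review bot: The product `ssl_renegotiation_limit * 1024L` in the new condition is computed in `long`, so on a platform where `long` is 32 bits any setting above 2097151 overflows, which is undefined behaviour for signed arithmetic and could leave the renegotiation threshold effectively unenforced. The range check for the setting is not visible in this diff, so confirm that its maximum is capped so the product fits, and note that next to the comparison. A negative value also passes the truthiness test, so I would write the guard as `if (ssl_renegotiation_limit > 0 && port->count > ssl_renegotiation_limit * 1024L)` unless the minimum is already enforced as 0 elsewhere. The type of `port->count` is not shown here, and the body of secure_write continues outside the hunk.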