Tom Lane wrote:
Chris Campbell <chris_campbell@mac.com> writes:
certainly not have exposed any new API that would help us tell this :-(
If said patches were done properly they'd have also turned an
application-level renegotiation request into a no-op, instead of
breaking apps by making it fail --- but apparently they were not done
properly.
Chris Campbell <chris_campbell@mac.com> writes:
Is there a way to detect when the SSL library has renegotiation disabled?
Probably not. The current set of emergency security patches wouldcertainly not have exposed any new API that would help us tell this :-(
If said patches were done properly they'd have also turned an
application-level renegotiation request into a no-op, instead of
breaking apps by making it fail --- but apparently they were not done
properly.
run-time (because I believe openssl is usually linked as a shared
object), which even further limits our options.
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
