diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/libpq/be-secure.c | 9 | ||||
| -rw-r--r-- | src/backend/utils/misc/guc.c | 12 | ||||
| -rw-r--r-- | src/backend/utils/misc/postgresql.conf.sample | 2 |
3 files changed, 18 insertions, 5 deletions
diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c index 89cdee63399..9f3181eafcd 100644 --- a/src/backend/libpq/be-secure.c +++ b/src/backend/libpq/be-secure.c @@ -11,7 +11,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.59.2.5 2009/12/09 06:37:17 mha Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.59.2.6 2010/02/25 23:44:27 tgl Exp $ * * Since the server static private key ($DataDir/server.key) * will normally be stored unencrypted so that the database @@ -117,13 +117,14 @@ static void close_SSL(Port *); static const char *SSLerrmessage(void); #endif -#ifdef USE_SSL /* * How much data can be sent across a secure connection * (total in both directions) before we require renegotiation. + * Set to 0 to disable renegotiation completely. */ -#define RENEGOTIATION_LIMIT (512 * 1024 * 1024) +int ssl_renegotiation_limit; +#ifdef USE_SSL static SSL_CTX *SSL_context = NULL; #endif @@ -332,7 +333,7 @@ secure_write(Port *port, void *ptr, size_t len) { int err; - if (port->count > RENEGOTIATION_LIMIT) + if (ssl_renegotiation_limit && port->count > ssl_renegotiation_limit * 1024L) { SSL_set_session_id_context(port->ssl, (void *) &SSL_context, sizeof(SSL_context)); diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index ed734975854..ae75354b4a1 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -10,7 +10,7 @@ * Written by Peter Eisentraut <peter_e@gmx.net>. * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.299.2.7 2010/01/24 21:49:58 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.299.2.8 2010/02/25 23:44:27 tgl Exp $ * *-------------------------------------------------------------------- */ @@ -97,6 +97,7 @@ extern int CommitDelay; extern int CommitSiblings; extern char *default_tablespace; extern bool fullPageWrites; +extern int ssl_renegotiation_limit; #ifdef TRACE_SORT extern bool trace_sort; @@ -1501,6 +1502,15 @@ static struct config_int ConfigureNamesInt[] = }, { + {"ssl_renegotiation_limit", PGC_USERSET, CONN_AUTH_SECURITY, + gettext_noop("Set the amount of traffic to send and receive before renegotiating the encryption keys."), + NULL + }, + &ssl_renegotiation_limit, + 512 * 1024, 0, MAX_KILOBYTES, NULL, NULL + }, + + { {"tcp_keepalives_idle", PGC_USERSET, CLIENT_CONN_OTHER, gettext_noop("Seconds between issuing TCP keepalives."), gettext_noop("A value of 0 uses the system default."), diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample index b1bdd3b4be4..29d7c078524 100644 --- a/src/backend/utils/misc/postgresql.conf.sample +++ b/src/backend/utils/misc/postgresql.conf.sample @@ -64,6 +64,8 @@ #authentication_timeout = 60 # 1-600, in seconds #ssl = off +#ssl_renegotiation_limit = 524288 # amount of data between renegotiations + # in kilobytes #password_encryption = on #db_user_namespace = off |