Re: pgcrypto sha256/384/512 don't work on Redhat. Please help!
| От | Bruce Momjian |
|---|---|
| Тема | Re: pgcrypto sha256/384/512 don't work on Redhat. Please help! |
| Дата | |
| Msg-id | 200606071703.k57H3BD06819@candle.pha.pa.us обсуждение исходный текст |
| Ответ на | Re: pgcrypto sha256/384/512 don't work on Redhat. Please help! ("Joe Kramer" <cckramer@gmail.com>) |
| Список | pgsql-general |
HEAD only appears in 8.2, but 8.1.X means it will appear in 8.1.5. --------------------------------------------------------------------------- Joe Kramer wrote: > If it was commited to HEAD, it will appear in 8.1.5, right? > > On 5/30/06, Bruce Momjian <pgman@candle.pha.pa.us> wrote: > > > > Patch applied to CVS HEAD and 8.1.X. Thanks. > > > > --------------------------------------------------------------------------- > > > > > > > > Marko Kreen wrote: > > > On 5/9/06, Joe Kramer <cckramer@gmail.com> wrote: > > > > On 5/9/06, Marko Kreen <markokr@gmail.com> wrote: > > > > > The fact that Fedora pgcrypto is linked with OpenSSL that does not > > > > > support SHA256 is not a bug, just a fact. > > > > > > > > It's not Fedora only, same problem with Gentoo/portage. > > > > I think it's problem for all distros. You need recompile pgcrypto or install > > > > openssl 0.9.8 which is considered as "unstable" by most distros. > > > > > > > > Maybe pgcrypto should use built-in algorithms until OpenSSL 0.9.8 is > > > > mainstream/default install. > > > > > > To be honest, pgcrypto actually falls back on built-in code for AES, > > > in case old OpenSSL that does not have AES. Thats because AES > > > should be "always there", together with md5/sha1/blowfish. > > > > > > I do not consider SHA2 that important (yet?), so they don't > > > get same treatment. > > > > > > > > OTOH, the nicest solution to your problem would be self-compiled > > > > > pgcrypto, that would work with stock PostgreSQL. As the conflict > > > > > happens with only (new) SHA2 functions, I can prepare a patch for > > > > > symbol conflict, would that be satisfactory for you? > > > > > > > > Ideally, would be great if pgcrypto could fallback to built-in algorithm of > > > > OpenSSL don't support it. > > > > But since it's compile switch, completely seld-compiled pgcrypto would be > > > > great. > > > > > > Attached is a patch that re-defines SHA2 symbols so that they would not > > > conflict with OpenSSL. > > > > > > Now that I think about it, if your OpenSSL does not contain SHA2, then > > > there should be no conflict. But ofcourse, if someone upgrades OpenSSL, > > > server starts crashing. So I think its best to always apply this patch. > > > > > > I think I'll send the patch to 8.2 later, not sure if it's important > > > enough for 8.1. > > > > > > -- > > > marko > > > > [ Attachment, skipping... ] > > > > > > > > ---------------------------(end of broadcast)--------------------------- > > > TIP 6: explain analyze is your friend > > > > -- > > Bruce Momjian http://candle.pha.pa.us > > EnterpriseDB http://www.enterprisedb.com > > > > + If your life is a hard drive, Christ can be your backup. + > > > > ---------------------------(end of broadcast)--------------------------- > TIP 2: Don't 'kill -9' the postmaster > -- Bruce Momjian http://candle.pha.pa.us EnterpriseDB http://www.enterprisedb.com + If your life is a hard drive, Christ can be your backup. +
В списке pgsql-general по дате отправления: