diff options
author | Magnus Hagander | 2011-11-28 12:13:42 +0000 |
---|---|---|
committer | Magnus Hagander | 2011-11-28 12:13:42 +0000 |
commit | 64aea1ebc70dc597b79e2f7f4451472510a1e9bf (patch) | |
tree | 3cb08879f2083258aa694fe981d56dd30d44349b | |
parent | dd3bab5fd74db009c946278bb314c8458a2fef11 (diff) |
Add libpq connection option to disable SSL compression
This can be used to remove the overhead of SSL compression on
fast networks.
Laurenz Albe
-rw-r--r-- | doc/src/sgml/libpq.sgml | 32 | ||||
-rw-r--r-- | src/interfaces/libpq/fe-connect.c | 5 | ||||
-rw-r--r-- | src/interfaces/libpq/fe-secure.c | 10 | ||||
-rw-r--r-- | src/interfaces/libpq/libpq-int.h | 1 |
4 files changed, 48 insertions, 0 deletions
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index 3d5f98ba2a..252ff8cc85 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -494,6 +494,28 @@ PGconn *PQconnectdbParams(const char * const *keywords, </listitem> </varlistentry> + <varlistentry id="libpq-connect-sslcompression" xreflabel="sslcompression"> + <term><literal>sslcompression</literal></term> + <listitem> + <para> + If set to 1 (default), data sent over SSL connections will be + compressed (this requires <productname>OpenSSL</> version + 0.9.8 or later). + If set to 0, compression will be disabled (this requires + <productname>OpenSSL</> 1.0.0 or later). + This parameter is ignored if a connection without SSL is made, + or if the version of <productname>OpenSSL</> used does not support + it. + </para> + <para> + Compression uses CPU time, but can improve throughput if + the network is the bottleneck. + Disabling compression can improve response time and throughput + if CPU performance is the limiting factor. + </para> + </listitem> + </varlistentry> + <varlistentry id="libpq-connect-sslcert" xreflabel="sslcert"> <term><literal>sslcert</literal></term> <listitem> @@ -6311,6 +6333,16 @@ myEventProc(PGEventId evtId, void *evtInfo, void *passThrough) <listitem> <para> <indexterm> + <primary><envar>PGSSLCOMPRESSION</envar></primary> + </indexterm> + <envar>PGSSLCOMPRESSION</envar> behaves the same as the <xref + linkend="libpq-connect-sslcompression"> connection parameter. + </para> + </listitem> + + <listitem> + <para> + <indexterm> <primary><envar>PGSSLCERT</envar></primary> </indexterm> <envar>PGSSLCERT</envar> behaves the same as the <xref diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index ed9dce941e..50f3f83aae 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -222,6 +222,9 @@ static const PQconninfoOption PQconninfoOptions[] = { {"sslmode", "PGSSLMODE", DefaultSSLMode, NULL, "SSL-Mode", "", 8}, /* sizeof("disable") == 8 */ + {"sslcompression", "PGSSLCOMPRESSION", "1", NULL, + "SSL-Compression", "", 1}, + {"sslcert", "PGSSLCERT", NULL, NULL, "SSL-Client-Cert", "", 64}, @@ -621,6 +624,8 @@ fillPGconn(PGconn *conn, PQconninfoOption *connOptions) conn->keepalives_count = tmp ? strdup(tmp) : NULL; tmp = conninfo_getval(connOptions, "sslmode"); conn->sslmode = tmp ? strdup(tmp) : NULL; + tmp = conninfo_getval(connOptions, "sslcompression"); + conn->sslcompression = tmp ? strdup(tmp) : NULL; tmp = conninfo_getval(connOptions, "sslkey"); conn->sslkey = tmp ? strdup(tmp) : NULL; tmp = conninfo_getval(connOptions, "sslcert"); diff --git a/src/interfaces/libpq/fe-secure.c b/src/interfaces/libpq/fe-secure.c index 9c6ced6a82..c6963bed94 100644 --- a/src/interfaces/libpq/fe-secure.c +++ b/src/interfaces/libpq/fe-secure.c @@ -1292,6 +1292,16 @@ initialize_SSL(PGconn *conn) } } + /* + * If the OpenSSL version used supports it (from 1.0.0 on) + * and the user requested it, disable SSL compression. + */ +#ifdef SSL_OP_NO_COMPRESSION + if (conn->sslcompression && conn->sslcompression[0] == '0') { + SSL_set_options(conn->ssl, SSL_OP_NO_COMPRESSION); + } +#endif + return 0; } diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h index d56ef5d489..64dfcb27fb 100644 --- a/src/interfaces/libpq/libpq-int.h +++ b/src/interfaces/libpq/libpq-int.h @@ -310,6 +310,7 @@ struct pg_conn char *keepalives_count; /* maximum number of TCP keepalive * retransmits */ char *sslmode; /* SSL mode (require,prefer,allow,disable) */ + char *sslcompression; /* SSL compression (0 or 1) */ char *sslkey; /* client key filename */ char *sslcert; /* client certificate filename */ char *sslrootcert; /* root certificate filename */ |