authorMagnus Hagander2011-11-28 12:13:42 +0000
committerMagnus Hagander2011-11-28 12:13:42 +0000
commit64aea1ebc70dc597b79e2f7f4451472510a1e9bf (patch)
tree3cb08879f2083258aa694fe981d56dd30d44349b
parentdd3bab5fd74db009c946278bb314c8458a2fef11 (diff)
Add libpq connection option to disable SSL compression
This can be used to remove the overhead of SSL compression on fast networks. Laurenz Albe
-rw-r--r--doc/src/sgml/libpq.sgml32
-rw-r--r--src/interfaces/libpq/fe-connect.c5
-rw-r--r--src/interfaces/libpq/fe-secure.c10
-rw-r--r--src/interfaces/libpq/libpq-int.h1
4 files changed, 48 insertions, 0 deletions
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index 3d5f98ba2a..252ff8cc85 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -494,6 +494,28 @@ PGconn *PQconnectdbParams(const char * const *keywords,
</listitem>
</varlistentry>
+ <varlistentry id="libpq-connect-sslcompression" xreflabel="sslcompression">
+ <term><literal>sslcompression</literal></term>
+ <listitem>
+ <para>
+ If set to 1 (default), data sent over SSL connections will be
+ compressed (this requires <productname>OpenSSL</> version
+ 0.9.8 or later).
+ If set to 0, compression will be disabled (this requires
+ <productname>OpenSSL</> 1.0.0 or later).
+ This parameter is ignored if a connection without SSL is made,
+ or if the version of <productname>OpenSSL</> used does not support
+ it.
+ </para>
+ <para>
+ Compression uses CPU time, but can improve throughput if
+ the network is the bottleneck.
+ Disabling compression can improve response time and throughput
+ if CPU performance is the limiting factor.
+ </para>
+ </listitem>
+ </varlistentry>
+
<varlistentry id="libpq-connect-sslcert" xreflabel="sslcert">
<term><literal>sslcert</literal></term>
<listitem>
@@ -6311,6 +6333,16 @@ myEventProc(PGEventId evtId, void *evtInfo, void *passThrough)
<listitem>
<para>
<indexterm>
+ <primary><envar>PGSSLCOMPRESSION</envar></primary>
+ </indexterm>
+ <envar>PGSSLCOMPRESSION</envar> behaves the same as the <xref
+ linkend="libpq-connect-sslcompression"> connection parameter.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ <indexterm>
<primary><envar>PGSSLCERT</envar></primary>
</indexterm>
<envar>PGSSLCERT</envar> behaves the same as the <xref
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index ed9dce941e..50f3f83aae 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -222,6 +222,9 @@ static const PQconninfoOption PQconninfoOptions[] = {
{"sslmode", "PGSSLMODE", DefaultSSLMode, NULL,
"SSL-Mode", "", 8}, /* sizeof("disable") == 8 */
+ {"sslcompression", "PGSSLCOMPRESSION", "1", NULL,
+ "SSL-Compression", "", 1},
+
{"sslcert", "PGSSLCERT", NULL, NULL,
"SSL-Client-Cert", "", 64},
@@ -621,6 +624,8 @@ fillPGconn(PGconn *conn, PQconninfoOption *connOptions)
conn->keepalives_count = tmp ? strdup(tmp) : NULL;
tmp = conninfo_getval(connOptions, "sslmode");
conn->sslmode = tmp ? strdup(tmp) : NULL;
+ tmp = conninfo_getval(connOptions, "sslcompression");
+ conn->sslcompression = tmp ? strdup(tmp) : NULL;
tmp = conninfo_getval(connOptions, "sslkey");
conn->sslkey = tmp ? strdup(tmp) : NULL;
tmp = conninfo_getval(connOptions, "sslcert");
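Review bot: The string strdup'd into `conn->sslcompression` has no matching release in this commit: the diffstat lists 5 insertions for fe-connect.c and the two hunks shown account for all of them, so the connection teardown path is untouched. Unless the field is freed somewhere not shown, every connection object leaks this allocation; the function that releases `conn->sslmode` (presumably freePGconn, not visible here) should gain `if (conn->sslcompression) free(conn->sslcompression);`. The strdup result is also unchecked, so an allocation failure looks the same as "option not set" and leaves compression on; that follows the neighbouring lines. fillPGconn's body starts and ends outside the hunk.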
diff --git a/src/interfaces/libpq/fe-secure.c b/src/interfaces/libpq/fe-secure.c
index 9c6ced6a82..c6963bed94 100644
--- a/src/interfaces/libpq/fe-secure.c
+++ b/src/interfaces/libpq/fe-secure.c
@@ -1292,6 +1292,16 @@ initialize_SSL(PGconn *conn)
}
}
+ /*
+ * If the OpenSSL version used supports it (from 1.0.0 on)
+ * and the user requested it, disable SSL compression.
+ */
+#ifdef SSL_OP_NO_COMPRESSION
+ if (conn->sslcompression && conn->sslcompression[0] == '0') {
+ SSL_set_options(conn->ssl, SSL_OP_NO_COMPRESSION);
+ }
+#endif
+
return 0;
}
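Review bot: The test `conn->sslcompression[0] == '0'` looks only at the first character and nothing visible validates the value, so `sslcompression=off` or `=false` silently leaves compression enabled while `=0x` disables it. The same silent fallback applies when `SSL_OP_NO_COMPRESSION` is not defined at build time. This matters beyond performance: TLS-level compression makes ciphertext length depend on plaintext content, which is the basis of compression side channels such as CRIME, so a caller who turns it off for that reason needs to know when the request was not honoured. I would reject values other than `"0"` and `"1"` where connection options are validated, and add a comment at this block such as `/* anything not starting with '0' keeps compression on; ignored when built against OpenSSL without SSL_OP_NO_COMPRESSION */`. initialize_SSL starts outside the hunk.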
diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h
index d56ef5d489..64dfcb27fb 100644
--- a/src/interfaces/libpq/libpq-int.h
+++ b/src/interfaces/libpq/libpq-int.h
@@ -310,6 +310,7 @@ struct pg_conn
char *keepalives_count; /* maximum number of TCP keepalive
* retransmits */
char *sslmode; /* SSL mode (require,prefer,allow,disable) */
+ char *sslcompression; /* SSL compression (0 or 1) */
char *sslkey; /* client key filename */
char *sslcert; /* client certificate filename */
char *sslrootcert; /* root certificate filename */