+
+ sslcompression
+
+ If set to 1 (default), data sent over SSL connections will be
+ compressed (this requires
OpenSSL version+ 0.9.8 or later).
+ If set to 0, compression will be disabled (this requires
+
OpenSSL 1.0.0 or later).+ This parameter is ignored if a connection without SSL is made,
+ or if the version of
OpenSSL used does not support+ it.
+
+ Compression uses CPU time, but can improve throughput if
+ the network is the bottleneck.
+ Disabling compression can improve response time and throughput
+ if CPU performance is the limiting factor.
+
+
+
+
sslcert
+
+
+
+
PGSSLCOMPRESSION behaves the same as the
+ linkend="libpq-connect-sslcompression"> connection parameter.
+
+
+
{"sslmode", "PGSSLMODE", DefaultSSLMode, NULL,
"SSL-Mode", "", 8}, /* sizeof("disable") == 8 */
+ {"sslcompression", "PGSSLCOMPRESSION", "1", NULL,
+ "SSL-Compression", "", 1},
+
{"sslcert", "PGSSLCERT", NULL, NULL,
"SSL-Client-Cert", "", 64},
conn->keepalives_count = tmp ? strdup(tmp) : NULL;
tmp = conninfo_getval(connOptions, "sslmode");
conn->sslmode = tmp ? strdup(tmp) : NULL;
+ tmp = conninfo_getval(connOptions, "sslcompression");
+ conn->sslcompression = tmp ? strdup(tmp) : NULL;
tmp = conninfo_getval(connOptions, "sslkey");
conn->sslkey = tmp ? strdup(tmp) : NULL;
tmp = conninfo_getval(connOptions, "sslcert");
}
}
+ /*
+ * If the OpenSSL version used supports it (from 1.0.0 on)
+ * and the user requested it, disable SSL compression.
+ */
+#ifdef SSL_OP_NO_COMPRESSION
+ if (conn->sslcompression && conn->sslcompression[0] == '0') {
+ SSL_set_options(conn->ssl, SSL_OP_NO_COMPRESSION);
+ }
+#endif
+
return 0;
}
char *keepalives_count; /* maximum number of TCP keepalive
* retransmits */
char *sslmode; /* SSL mode (require,prefer,allow,disable) */
+ char *sslcompression; /* SSL compression (0 or 1) */
char *sslkey; /* client key filename */
char *sslcert; /* client certificate filename */
char *sslrootcert; /* root certificate filename */
projects / postgresql.git / commitdiff