mirror of
https://github.com/postgres/postgres.git
synced 2025-07-02 09:02:37 +03:00
Standard pgindent run for 8.1.
This commit is contained in:
Bruce Momjian
@ -11,7 +11,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.58 2005/07/04 04:51:46 tgl Exp $
|
||||
* $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.59 2005/10/15 02:49:17 momjian Exp $
|
||||
*
|
||||
* Since the server static private key ($DataDir/server.key)
|
||||
* will normally be stored unencrypted so that the database
|
||||
@ -103,7 +103,7 @@
|
||||
|
||||
#define ROOT_CERT_FILE "root.crt"
|
||||
#define SERVER_CERT_FILE "server.crt"
|
||||
#define SERVER_PRIVATE_KEY_FILE "server.key"
|
||||
#define SERVER_PRIVATE_KEY_FILE "server.key"
|
||||
|
||||
static DH *load_dh_file(int keylength);
|
||||
static DH *load_dh_buffer(const char *, size_t);
|
||||
@ -276,8 +276,8 @@ rloop:
|
||||
case SSL_ERROR_WANT_WRITE:
|
||||
#ifdef WIN32
|
||||
pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl),
|
||||
(err==SSL_ERROR_WANT_READ) ?
|
||||
FD_READ|FD_CLOSE : FD_WRITE|FD_CLOSE);
|
||||
(err == SSL_ERROR_WANT_READ) ?
|
||||
FD_READ | FD_CLOSE : FD_WRITE | FD_CLOSE);
|
||||
#endif
|
||||
goto rloop;
|
||||
case SSL_ERROR_SYSCALL:
|
||||
@ -353,7 +353,7 @@ secure_write(Port *port, void *ptr, size_t len)
|
||||
if (port->ssl->state != SSL_ST_OK)
|
||||
ereport(COMMERROR,
|
||||
(errcode(ERRCODE_PROTOCOL_VIOLATION),
|
||||
errmsg("SSL failed to send renegotiation request")));
|
||||
errmsg("SSL failed to send renegotiation request")));
|
||||
port->ssl->state |= SSL_ST_ACCEPT;
|
||||
SSL_do_handshake(port->ssl);
|
||||
if (port->ssl->state != SSL_ST_OK)
|
||||
@ -375,8 +375,8 @@ wloop:
|
||||
case SSL_ERROR_WANT_WRITE:
|
||||
#ifdef WIN32
|
||||
pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl),
|
||||
(err==SSL_ERROR_WANT_READ) ?
|
||||
FD_READ|FD_CLOSE : FD_WRITE|FD_CLOSE);
|
||||
(err == SSL_ERROR_WANT_READ) ?
|
||||
FD_READ | FD_CLOSE : FD_WRITE | FD_CLOSE);
|
||||
#endif
|
||||
goto wloop;
|
||||
case SSL_ERROR_SYSCALL:
|
||||
@ -439,12 +439,12 @@ wloop:
|
||||
|
||||
static bool my_bio_initialized = false;
|
||||
static BIO_METHOD my_bio_methods;
|
||||
static int (*std_sock_read) (BIO *h, char *buf, int size);
|
||||
static int (*std_sock_read) (BIO *h, char *buf, int size);
|
||||
|
||||
static int
|
||||
my_sock_read(BIO *h, char *buf, int size)
|
||||
{
|
||||
int res;
|
||||
int res;
|
||||
|
||||
prepare_for_client_read();
|
||||
|
||||
@ -472,21 +472,21 @@ my_BIO_s_socket(void)
|
||||
static int
|
||||
my_SSL_set_fd(SSL *s, int fd)
|
||||
{
|
||||
int ret=0;
|
||||
BIO *bio=NULL;
|
||||
int ret = 0;
|
||||
BIO *bio = NULL;
|
||||
|
||||
bio=BIO_new(my_BIO_s_socket());
|
||||
bio = BIO_new(my_BIO_s_socket());
|
||||
|
||||
if (bio == NULL)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
|
||||
SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
|
||||
goto err;
|
||||
}
|
||||
BIO_set_fd(bio,fd,BIO_NOCLOSE);
|
||||
SSL_set_bio(s,bio,bio);
|
||||
ret=1;
|
||||
BIO_set_fd(bio, fd, BIO_NOCLOSE);
|
||||
SSL_set_bio(s, bio, bio);
|
||||
ret = 1;
|
||||
err:
|
||||
return(ret);
|
||||
return (ret);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -539,7 +539,7 @@ load_dh_file(int keylength)
|
||||
(codes & DH_CHECK_P_NOT_SAFE_PRIME))
|
||||
{
|
||||
elog(LOG,
|
||||
"DH error (%s): neither suitable generator or safe prime",
|
||||
"DH error (%s): neither suitable generator or safe prime",
|
||||
fnbuf);
|
||||
return NULL;
|
||||
}
|
||||
@ -640,8 +640,8 @@ tmp_dh_cb(SSL *s, int is_export, int keylength)
|
||||
if (r == NULL || 8 * DH_size(r) < keylength)
|
||||
{
|
||||
ereport(DEBUG2,
|
||||
(errmsg_internal("DH: generating parameters (%d bits)....",
|
||||
keylength)));
|
||||
(errmsg_internal("DH: generating parameters (%d bits)....",
|
||||
keylength)));
|
||||
r = DH_generate_parameters(keylength, DH_GENERATOR_2, NULL, NULL);
|
||||
}
|
||||
|
||||
@ -735,30 +735,30 @@ initialize_SSL(void)
|
||||
SSL_FILETYPE_PEM))
|
||||
ereport(FATAL,
|
||||
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
||||
errmsg("could not load server certificate file \"%s\": %s",
|
||||
SERVER_CERT_FILE, SSLerrmessage())));
|
||||
errmsg("could not load server certificate file \"%s\": %s",
|
||||
SERVER_CERT_FILE, SSLerrmessage())));
|
||||
|
||||
if (stat(SERVER_PRIVATE_KEY_FILE, &buf) == -1)
|
||||
ereport(FATAL,
|
||||
(errcode_for_file_access(),
|
||||
errmsg("could not access private key file \"%s\": %m",
|
||||
SERVER_PRIVATE_KEY_FILE)));
|
||||
errmsg("could not access private key file \"%s\": %m",
|
||||
SERVER_PRIVATE_KEY_FILE)));
|
||||
|
||||
/*
|
||||
* Require no public access to key file.
|
||||
*
|
||||
* XXX temporarily suppress check when on Windows, because there may
|
||||
* not be proper support for Unix-y file permissions. Need to
|
||||
* think of a reasonable check to apply on Windows. (See also the
|
||||
* data directory permission check in postmaster.c)
|
||||
* XXX temporarily suppress check when on Windows, because there may not
|
||||
* be proper support for Unix-y file permissions. Need to think of a
|
||||
* reasonable check to apply on Windows. (See also the data directory
|
||||
* permission check in postmaster.c)
|
||||
*/
|
||||
#if !defined(WIN32) && !defined(__CYGWIN__)
|
||||
if (!S_ISREG(buf.st_mode) || (buf.st_mode & (S_IRWXG | S_IRWXO)) ||
|
||||
buf.st_uid != geteuid())
|
||||
ereport(FATAL,
|
||||
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
||||
errmsg("unsafe permissions on private key file \"%s\"",
|
||||
SERVER_PRIVATE_KEY_FILE),
|
||||
errmsg("unsafe permissions on private key file \"%s\"",
|
||||
SERVER_PRIVATE_KEY_FILE),
|
||||
errdetail("File must be owned by the database user and must have no permissions for \"group\" or \"other\".")));
|
||||
#endif
|
||||
|
||||
@ -861,8 +861,8 @@ aloop:
|
||||
case SSL_ERROR_WANT_WRITE:
|
||||
#ifdef WIN32
|
||||
pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl),
|
||||
(err==SSL_ERROR_WANT_READ) ?
|
||||
FD_READ|FD_CLOSE|FD_ACCEPT : FD_WRITE|FD_CLOSE);
|
||||
(err == SSL_ERROR_WANT_READ) ?
|
||||
FD_READ | FD_CLOSE | FD_ACCEPT : FD_WRITE | FD_CLOSE);
|
||||
#endif
|
||||
goto aloop;
|
||||
case SSL_ERROR_SYSCALL:
|
||||
@ -873,7 +873,7 @@ aloop:
|
||||
else
|
||||
ereport(COMMERROR,
|
||||
(errcode(ERRCODE_PROTOCOL_VIOLATION),
|
||||
errmsg("could not accept SSL connection: EOF detected")));
|
||||
errmsg("could not accept SSL connection: EOF detected")));
|
||||
break;
|
||||
case SSL_ERROR_SSL:
|
||||
ereport(COMMERROR,
|
||||
@ -884,7 +884,7 @@ aloop:
|
||||
case SSL_ERROR_ZERO_RETURN:
|
||||
ereport(COMMERROR,
|
||||
(errcode(ERRCODE_PROTOCOL_VIOLATION),
|
||||
errmsg("could not accept SSL connection: EOF detected")));
|
||||
errmsg("could not accept SSL connection: EOF detected")));
|
||||
break;
|
||||
default:
|
||||
ereport(COMMERROR,
|
||||
@ -912,7 +912,7 @@ aloop:
|
||||
port->peer_dn, sizeof(port->peer_dn));
|
||||
port->peer_dn[sizeof(port->peer_dn) - 1] = '\0';
|
||||
X509_NAME_get_text_by_NID(X509_get_subject_name(port->peer),
|
||||
NID_commonName, port->peer_cn, sizeof(port->peer_cn));
|
||||
NID_commonName, port->peer_cn, sizeof(port->peer_cn));
|
||||
port->peer_cn[sizeof(port->peer_cn) - 1] = '\0';
|
||||
}
|
||||
ereport(DEBUG2,
|
||||
|
||||
Reference in New Issue
Block a user