1
0
mirror of https://github.com/postgres/postgres.git synced 2025-08-27 07:42:10 +03:00

Yet another SSL patch. :-) This one adds some informational messages

on the server, if DebugLvl >= 2.

The patch also includes a late addition to the last patch
(X509_check_private_key()).  I'm not sure why it the currect
revision wasn't tagged.


Bear Giles
This commit is contained in:
Bruce Momjian
2002-06-14 04:38:04 +00:00
parent eb7afc1407
commit 1ed4a922b8
2 changed files with 64 additions and 4 deletions

View File

@@ -11,7 +11,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v 1.3 2002/06/14 04:36:58 momjian Exp $
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v 1.4 2002/06/14 04:38:04 momjian Exp $
*
* NOTES
* The client *requires* a valid server certificate. Since
@@ -66,6 +66,12 @@
* $HOME/.postgresql/postgresql.key
* respectively.
*
* ...
*
* We don't provide informational callbacks here (like
* info_cb() in be-secure.c), since there's mechanism to
* display that information to the client.
*
* OS DEPENDENCIES
* The code currently assumes a POSIX password entry. How should
* Windows and Mac users be handled?
@@ -88,7 +94,7 @@
* [*] server verifies client certificates
*
* milestone 5: provide informational callbacks
* [ ] provide informational callbacks
* [*] provide informational callbacks
*
* other changes
* [ ] tcp-wrappers
@@ -721,6 +727,17 @@ client_cert_cb (SSL *ssl, X509 **x509, EVP_PKEY **pkey)
}
fclose(fp);
/* verify that the cert and key go together */
if (!X509_check_private_key(*x509, *pkey))
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("certificate/private key mismatch (%s): %s\n"),
fnbuf, SSLerrmessage());
X509_free(*x509);
EVP_PKEY_free(*pkey);
return -1;
}
return 1;
}