database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-08-18 12:22:09 +03:00
Code Activity

Go over all OpenSSL return values and make sure we compare them

Browse Source 
to the documented API value. The previous code got it right as
it's implemented, but accepted too much/too little compared to
the API documentation.

Per comment from Zdenek Kotala.
This commit is contained in:
Magnus Hagander
2009-01-28 15:06:53 +00:00
parent 74f933a648
commit 53759b01ff
2 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/backend/libpq/be-secure.c
View File

@@ -11,7 +11,7 @@
*
*
* IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.59.2.3 2007/05/18 01:20:33 tgl Exp $
* $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.59.2.4 2009/01/28 15:06:52 mha Exp $
*
* Since the server static private key ($DataDir/server.key)
* will normally be stored unencrypted so that the database
@@ -718,9 +718,9 @@ initialize_SSL(void)
/*
* Load and verify certificate and private key
*/
if (!SSL_CTX_use_certificate_file(SSL_context,
if (SSL_CTX_use_certificate_file(SSL_context,
SERVER_CERT_FILE,
SSL_FILETYPE_PEM))
SSL_FILETYPE_PEM) != 1)
ereport(FATAL,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("could not load server certificate file \"%s\": %s",
@@ -750,14 +750,14 @@ initialize_SSL(void)
errdetail("File must be owned by the database user and must have no permissions for \"group\" or \"other\".")));
#endif
if (!SSL_CTX_use_PrivateKey_file(SSL_context,
if (SSL_CTX_use_PrivateKey_file(SSL_context,
SERVER_PRIVATE_KEY_FILE,
SSL_FILETYPE_PEM))
SSL_FILETYPE_PEM) != 1)
ereport(FATAL,
(errmsg("could not load private key file \"%s\": %s",
SERVER_PRIVATE_KEY_FILE, SSLerrmessage())));
if (!SSL_CTX_check_private_key(SSL_context))
if (SSL_CTX_check_private_key(SSL_context) != 1)
ereport(FATAL,
(errmsg("check of private key failed: %s",
SSLerrmessage())));
@@ -774,7 +774,7 @@ initialize_SSL(void)
/*
* Require and check client certificates only if we have a root.crt file.
*/
if (!SSL_CTX_load_verify_locations(SSL_context, ROOT_CERT_FILE, NULL))
if (SSL_CTX_load_verify_locations(SSL_context, ROOT_CERT_FILE, NULL) != 1)
{
/* Not fatal - we do not require client certificates */
ereport(LOG,