mirror of https://github.com/postgres/postgres.git synced 2025-07-07 00:36:50 +03:00

Add API functions to libpq to interrogate SSL related stuff.

This makes it possible to query for things like the SSL version and cipher
used, without depending on OpenSSL functions or macros. That is a good
thing if we ever get another SSL implementation.

PQgetssl() still works, but it should be considered as deprecated as it
only works with OpenSSL. In particular, PQsslInUse() should be used to
check if a connection uses SSL, because as soon as we have another
implementation, PQgetssl() will return NULL even if SSL is in use.
Heikki Linnakangas
2015-02-03 19:57:52 +02:00
parent 809d9a260b
commit 91fa7b4719
6 changed files with 264 additions and 50 deletions


@ -30,9 +30,6 @@
#include <sys/types.h> /* for umask() */
#include <sys/stat.h> /* for stat() */
#endif
#ifdef USE_OPENSSL
#include <openssl/ssl.h>
#endif
#include "portability/instr_time.h"
@ -1815,28 +1812,24 @@ connection_warnings(bool in_startup)
static void
printSSLInfo(void)
{
#ifdef USE_OPENSSL
int sslbits = -1;
SSL *ssl;
const char *protocol;
const char *cipher;
const char *bits;
const char *compression;
ssl = PQgetssl(pset.db);
if (!ssl)
if (!PQsslInUse(pset.db))
return; /* no SSL */
SSL_get_cipher_bits(ssl, &sslbits);
printf(_("SSL connection (protocol: %s, cipher: %s, bits: %d, compression: %s)\n"),
SSL_get_version(ssl), SSL_get_cipher(ssl), sslbits,
SSL_get_current_compression(ssl) ? _("on") : _("off"));
#else
protocol = PQsslAttribute(pset.db, "protocol");
cipher = PQsslAttribute(pset.db, "cipher");
bits = PQsslAttribute(pset.db, "key_bits");
compression = PQsslAttribute(pset.db, "compression");
/*
* If psql is compiled without SSL but is using a libpq with SSL, we
* cannot figure out the specifics about the connection. But we know it's
* SSL secured.
*/
if (PQgetssl(pset.db))
printf(_("SSL connection (unknown cipher)\n"));
#endif
printf(_("SSL connection (protocol: %s, cipher: %s, bits: %s, compression: %s)\n"),
protocol ? protocol : _("unknown"),
cipher ? cipher : _("unknown"),
bits ? bits : _("unknown"),
(compression && strcmp(compression, "off") != 0) ? _("on") : _("off"));
}
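Review bot: In the last argument of the new printf in printSSLInfo, a NULL `compression` attribute is reported as "off", whereas protocol, cipher and key_bits fall back to "unknown" when PQsslAttribute returns NULL. A user reading the banner to confirm that TLS compression is disabled would then see "off" when the library could not report the setting at all. The argument could be made three-state to match the other fields: `compression ? (strcmp(compression, "off") != 0 ? _("on") : _("off")) : _("unknown")`. Whether a given libpq build can return NULL for "compression" is not visible in this hunk, but the NULL guards on the other three attributes suggest the case is expected.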