database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-08-05 07:41:25 +03:00
Code Activity

Make Port->ssl_in_use available, even when built with !USE_SSL

Browse Source 
Code that check the flag no longer need #ifdef's, which is more convenient.
In particular, makes it easier to write extensions that depend on it.

In the passing, modify sslinfo's ssl_is_used function to check ssl_in_use
instead of the OpenSSL specific 'ssl' pointer. It doesn't make any
difference currently, as sslinfo is only compiled when built with OpenSSL,
but seems cleaner anyway.
This commit is contained in:
Heikki Linnakangas
2014-11-25 09:39:31 +02:00
parent f5d9698a84
commit e453cc2741
3 changed files with 8 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
contrib/sslinfo/sslinfo.c
View File

@@ -35,7 +35,7 @@ PG_FUNCTION_INFO_V1(ssl_is_used);
Datum Datum
ssl_is_used(PG_FUNCTION_ARGS) ssl_is_used(PG_FUNCTION_ARGS)
{ {
PG_RETURN_BOOL(MyProcPort->ssl != NULL); PG_RETURN_BOOL(MyProcPort->ssl_in_use);
} }

10
src/backend/libpq/hba.c
View File

@@ -925,15 +925,13 @@ parse_hba_line(List *line, int line_num, char *raw_line)
return NULL; return NULL;
#endif #endif
} }
#ifdef USE_SSL
else if (token->string[4] == 'n') /* "hostnossl" */ else if (token->string[4] == 'n') /* "hostnossl" */
{ {
parsedline->conntype = ctHostNoSSL; parsedline->conntype = ctHostNoSSL;
} }
#endif
else else
{ {
/* "host", or "hostnossl" and SSL support not built in */ /* "host" */
parsedline->conntype = ctHost; parsedline->conntype = ctHost;
} }
} /* record type */ } /* record type */
@@ -1684,7 +1682,6 @@ check_hba(hbaPort *port)
continue; continue;
/* Check SSL state */ /* Check SSL state */
#ifdef USE_SSL
if (port->ssl_in_use) if (port->ssl_in_use)
{ {
/* Connection is SSL, match both "host" and "hostssl" */ /* Connection is SSL, match both "host" and "hostssl" */
@@ -1697,11 +1694,6 @@ check_hba(hbaPort *port)
if (hba->conntype == ctHostSSL) if (hba->conntype == ctHostSSL)
continue; continue;
} }
#else
/* No SSL support, so reject "hostssl" lines */
if (hba->conntype == ctHostSSL)
continue;
#endif
/* Check IP address */ /* Check IP address */
switch (hba->ip_cmp_method) switch (hba->ip_cmp_method)

10
src/include/libpq/libpq-be.h
View File

@@ -184,14 +184,16 @@ typedef struct Port
#endif #endif
/* /*
* SSL structures (keep these last so that the locations of other fields * SSL structures.
* are the same whether or not you build with SSL)
*/ */
#ifdef USE_SSL
bool ssl_in_use; bool ssl_in_use;
char *peer_cn; char *peer_cn;
bool peer_cert_valid; bool peer_cert_valid;
#endif
/*
* OpenSSL structures. (Keep these last so that the locations of other
* fields are the same whether or not you build with OpenSSL.)
*/
#ifdef USE_OPENSSL #ifdef USE_OPENSSL
SSL *ssl; SSL *ssl;
X509 *peer; X509 *peer;