Remove sslverify parameter again, replacing it with two new sslmode values:

"verify-ca" and "verify-full". Since "prefer" remains the default, this will make certificate validation off by default, which should lead to less upgrade issues.
2025-07-05 07:21:24 +03:00 · 2009-04-24 09:43:10 +00:00
parent 420ea68817
commit e883d0b551
5 changed files with 89 additions and 102 deletions
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.372 2009/01/01 17:24:03 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.373 2009/04/24 09:43:10 mha Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -91,11 +91,9 @@ static int ldapServiceLookup(const char *purl, PQconninfoOption *options,
 #define DefaultAuthtype		  ""
 #define DefaultPassword		  ""
 #ifdef USE_SSL
-#define DefaultSSLMode	"prefer"
-#define DefaultSSLVerify "cn"
+#define DefaultSSLMode "prefer"
 #else
 #define DefaultSSLMode	"disable"
-#define DefaultSSLVerify "none"
 #endif

 /* ----------
@ -185,9 +183,6 @@ static const PQconninfoOption PQconninfoOptions[] = {
 	{"sslmode", "PGSSLMODE", DefaultSSLMode, NULL,
 	"SSL-Mode", "", 8},			/* sizeof("disable") == 8 */

-	{"sslverify", "PGSSLVERIFY", DefaultSSLVerify, NULL,
-	"SSL-Verify", "", 5},		/* sizeof("chain") == 5 */
-
 	{"sslcert", "PGSSLCERT", NULL, NULL,
 	"SSL-Client-Cert", "", 64},

@ -431,8 +426,6 @@ connectOptions1(PGconn *conn, const char *conninfo)
 	conn->connect_timeout = tmp ? strdup(tmp) : NULL;
 	tmp = conninfo_getval(connOptions, "sslmode");
 	conn->sslmode = tmp ? strdup(tmp) : NULL;
-	tmp = conninfo_getval(connOptions, "sslverify");
-	conn->sslverify = tmp ? strdup(tmp) : NULL;
 	tmp = conninfo_getval(connOptions, "sslkey");
 	conn->sslkey = tmp ? strdup(tmp) : NULL;
 	tmp = conninfo_getval(connOptions, "sslcert");
@ -522,7 +515,9 @@ connectOptions2(PGconn *conn)
 		if (strcmp(conn->sslmode, "disable") != 0
 			&& strcmp(conn->sslmode, "allow") != 0
 			&& strcmp(conn->sslmode, "prefer") != 0
-			&& strcmp(conn->sslmode, "require") != 0)
+			&& strcmp(conn->sslmode, "require") != 0
+			&& strcmp(conn->sslmode, "verify-ca") != 0
+			&& strcmp(conn->sslmode, "verify-full") != 0)
 		{
 			conn->status = CONNECTION_BAD;
 			printfPQExpBuffer(&conn->errorMessage,
@ -544,6 +539,7 @@ connectOptions2(PGconn *conn)
 				break;

 			case 'r':			/* "require" */
+			case 'v':			/* "verify-ca" or "verify-full" */
 				conn->status = CONNECTION_BAD;
 				printfPQExpBuffer(&conn->errorMessage,
 								  libpq_gettext("sslmode value \"%s\" invalid when SSL support is not compiled in\n"),
@ -555,24 +551,6 @@ connectOptions2(PGconn *conn)
 	else
 		conn->sslmode = strdup(DefaultSSLMode);

-	/*
-	 * Validate sslverify option
-	 */
-	if (conn->sslverify)
-	{
-		if (strcmp(conn->sslverify, "none") != 0
-			&& strcmp(conn->sslverify, "cert") != 0
-			&& strcmp(conn->sslverify, "cn") != 0)
-		{
-			conn->status = CONNECTION_BAD;
-			printfPQExpBuffer(&conn->errorMessage,
-							libpq_gettext("invalid sslverify value: \"%s\"\n"),
-							  conn->sslverify);
-			return false;
-		}
-	}
-
-
 	/*
 	 * Only if we get this far is it appropriate to try to connect. (We need a
 	 * state flag, rather than just the boolean result of this function, in
@ -1428,7 +1406,8 @@ keep_going:						/* We will come back to here until there is
 					}
 					else if (SSLok == 'N')
 					{
-						if (conn->sslmode[0] == 'r')	/* "require" */
+						if (conn->sslmode[0] == 'r' ||	/* "require" */
+							conn->sslmode[0] == 'v')    /* "verify-ca" or "verify-full" */
 						{
 							/* Require SSL, but server does not want it */
 							appendPQExpBuffer(&conn->errorMessage,
@ -1445,7 +1424,8 @@ keep_going:						/* We will come back to here until there is
 						/* Received error - probably protocol mismatch */
 						if (conn->Pfdebug)
 							fprintf(conn->Pfdebug, "received error from server, attempting fallback to pre-7.0\n");
-						if (conn->sslmode[0] == 'r')	/* "require" */
+						if (conn->sslmode[0] == 'r' ||	/* "require" */
+							conn->sslmode[0] == 'v')    /* "verify-ca" or "verify-full" */
 						{
 							/* Require SSL, but server is too old */
 							appendPQExpBuffer(&conn->errorMessage,
@ -2052,8 +2032,6 @@ freePGconn(PGconn *conn)
 		free(conn->pgpass);
 	if (conn->sslmode)
 		free(conn->sslmode);
-	if (conn->sslverify)
-		free(conn->sslverify);
 	if (conn->sslcert)
 		free(conn->sslcert);
 	if (conn->sslkey)
--- a/src/interfaces/libpq/fe-secure.c
+++ b/src/interfaces/libpq/fe-secure.c
@ -11,7 +11,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.123 2009/04/14 17:30:16 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.124 2009/04/24 09:43:10 mha Exp $
 *
 * NOTES
 *
@ -523,7 +523,7 @@ verify_peer_name_matches_certificate(PGconn *conn)
 	 * If told not to verify the peer name, don't do it. Return
 	 * 0 indicating that the verification was successful.
 	 */
-	if(strcmp(conn->sslverify, "cn") != 0)
+	if (strcmp(conn->sslmode, "verify-full") != 0)
 		return true;

 	if (conn->pghostaddr)
@ -987,9 +987,9 @@ initialize_SSL(PGconn *conn)
 		return -1;

 	/*
-	 * If sslverify is set to anything other than "none", perform certificate
-	 * verification. If set to "cn" we will also do further verifications after
-	 * the connection has been completed.
+	 * If sslmode is set to one of the verify options, perform certificate
+	 * verification. If set to "verify-full" we will also do further
+	 * verification after the connection has been completed.
 	 *
 	 * If we are going to look for either root certificate or CRL in the home directory,
 	 * we need pqGetHomeDirectory() to succeed. In other cases, we don't need to
@ -999,7 +999,7 @@ initialize_SSL(PGconn *conn)
 	{
 		if (!pqGetHomeDirectory(homedir, sizeof(homedir)))
 		{
-			if (strcmp(conn->sslverify, "none") != 0)
+			if (conn->sslmode[0] == 'v') /* "verify-ca" or "verify-full" */
 			{
 				printfPQExpBuffer(&conn->errorMessage,
 								  libpq_gettext("could not get home directory to locate root certificate file"));
@ -1064,7 +1064,7 @@ initialize_SSL(PGconn *conn)
 	else
 	{
 		/* stat() failed; assume cert file doesn't exist */
-		if (strcmp(conn->sslverify, "none") != 0)
+		if (conn->sslmode[0] == 'v') /* "verify-ca" or "verify-full" */
 		{
 			printfPQExpBuffer(&conn->errorMessage,
 							  libpq_gettext("root certificate file \"%s\" does not exist\n"
--- a/src/interfaces/libpq/libpq-int.h
+++ b/src/interfaces/libpq/libpq-int.h
@ -12,7 +12,7 @@
 * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.140 2009/04/19 22:37:13 tgl Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.141 2009/04/24 09:43:10 mha Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -294,7 +294,6 @@ struct pg_conn
 	char	   *pguser;			/* Postgres username and password, if any */
 	char	   *pgpass;
 	char	   *sslmode;		/* SSL mode (require,prefer,allow,disable) */
-	char	   *sslverify;		/* Verify server SSL certificate (none,chain,cn) */
 	char	   *sslkey;			/* client key filename */
 	char	   *sslcert;		/* client certificate filename */
 	char	   *sslrootcert;	/* root certificate filename */