Back out SSL changes. Newer patch available.

2025-07-31 22:04:40 +03:00 · 2002-06-14 04:09:37 +00:00
parent a9bd17616e
commit eb43af3210
10 changed files with 208 additions and 886 deletions
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.184 2002/06/14 03:56:47 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.185 2002/06/14 04:09:37 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -62,6 +62,10 @@ inet_aton(const char *cp, struct in_addr * inp)
 #endif


+#ifdef USE_SSL
+static SSL_CTX *SSL_context = NULL;
+#endif
+
 #define NOTIFYLIST_INITIAL_SIZE 10
 #define NOTIFYLIST_GROWBY 10

@ -182,13 +186,8 @@ static char *conninfo_getval(PQconninfoOption *connOptions,
 static void defaultNoticeProcessor(void *arg, const char *message);
 static int parseServiceInfo(PQconninfoOption *options,
 				 PQExpBuffer errorMessage);
-
 #ifdef USE_SSL
-extern int initialize_ctx(const char *passwd, void (*err)(const char *fmt,...), PGconn *);
-extern void destroy_ctx(PGconn *);
-extern int open_SSL_client(PGconn *);
-extern void close_SSL(PGconn *);
-extern SSL *PQgetssl(PGconn *);
+static const char *SSLerrmessage(void);
 #endif


@ -970,10 +969,28 @@ retry2:
 		}
 		if (SSLok == 'S')
 		{
-			if (initialize_ctx(NULL, NULL, conn) == -1)
-				goto connect_errReturn;
-			if (open_SSL_client(conn) == -1)
+			if (!SSL_context)
+			{
+				SSL_load_error_strings();
+				SSL_library_init();
+				SSL_context = SSL_CTX_new(SSLv23_method());
+				if (!SSL_context)
+				{
+					printfPQExpBuffer(&conn->errorMessage,
+					 libpq_gettext("could not create SSL context: %s\n"),
+									  SSLerrmessage());
+					goto connect_errReturn;
+				}
+			}
+			if (!(conn->ssl = SSL_new(SSL_context)) ||
+				!SSL_set_fd(conn->ssl, conn->sock) ||
+				SSL_connect(conn->ssl) <= 0)
+			{
+				printfPQExpBuffer(&conn->errorMessage,
+				libpq_gettext("could not establish SSL connection: %s\n"),
+								  SSLerrmessage());
 				goto connect_errReturn;
+			}
 			/* SSL connection finished. Continue to send startup packet */
 		}
 		else if (SSLok == 'E')
@ -998,7 +1015,7 @@ retry2:
 			goto connect_errReturn;
 		}
 	}
-	if (conn->require_ssl && !PQgetssl(conn))
+	if (conn->require_ssl && !conn->ssl)
 	{
 		/* Require SSL, but server does not support/want it */
 		printfPQExpBuffer(&conn->errorMessage,
@ -1897,7 +1914,8 @@ freePGconn(PGconn *conn)
 		return;
 	pqClearAsyncResult(conn);	/* deallocate result and curTuple */
 #ifdef USE_SSL
-	close_SSL(conn);
+	if (conn->ssl)
+		SSL_free(conn->ssl);
 #endif
 	if (conn->sock >= 0)
 	{
@ -2623,6 +2641,35 @@ PQconninfoFree(PQconninfoOption *connOptions)
 }


+#ifdef USE_SSL
+
+/*
+ * Obtain reason string for last SSL error
+ *
+ * Some caution is needed here since ERR_reason_error_string will
+ * return NULL if it doesn't recognize the error code.  We don't
+ * want to return NULL ever.
+ */
+static const char *
+SSLerrmessage(void)
+{
+	unsigned long	errcode;
+	const char	   *errreason;
+	static char		errbuf[32];
+
+	errcode = ERR_get_error();
+	if (errcode == 0)
+		return "No SSL error reported";
+	errreason = ERR_reason_error_string(errcode);
+	if (errreason != NULL)
+		return errreason;
+	snprintf(errbuf, sizeof(errbuf), "SSL error code %lu", errcode);
+	return errbuf;
+}
+
+#endif /* USE_SSL */
+
+
 /* =========== accessor functions for PGconn ========= */
 char *
 PQdb(const PGconn *conn)
@ -2767,6 +2814,16 @@ PQsetClientEncoding(PGconn *conn, const char *encoding)
 }
 #endif

+#ifdef USE_SSL
+SSL *
+PQgetssl(PGconn *conn)
+{
+	if (!conn)
+		return NULL;
+	return conn->ssl;
+}
+#endif
+
 void
 PQtrace(PGconn *conn, FILE *debug_port)
 {