Move SSL API comments to header files

Move the documentation of the SSL API calls are supposed to do into the headers files, instead of keeping them in the files for the OpenSSL implementation. That way, they don't have to be duplicated or be inconsistent when other implementations are added.
2025-06-22 02:52:08 +03:00 · 2018-01-18 19:53:22 -05:00
parent 573bd08b99
commit f966101d19
4 changed files with 113 additions and 90 deletions
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@ -70,13 +70,6 @@ static bool ssl_passwd_cb_called = false;
 /*						 Public interface						*/
 /* ------------------------------------------------------------ */

-/*
- *	Initialize global SSL context.
- *
- * If isServerStart is true, report any errors as FATAL (so we don't return).
- * Otherwise, log errors at LOG level and return -1 to indicate trouble,
- * preserving the old SSL state if any.  Returns 0 if OK.
- */
 int
 be_tls_init(bool isServerStart)
 {
@ -356,9 +349,6 @@ error:
 	return -1;
 }

-/*
- *	Destroy global SSL context, if any.
- */
 void
 be_tls_destroy(void)
 {
@ -368,9 +358,6 @@ be_tls_destroy(void)
 	ssl_loaded_verify_locations = false;
 }

-/*
- *	Attempt to negotiate SSL connection.
- */
 int
 be_tls_open_server(Port *port)
 {
@ -539,9 +526,6 @@ aloop:
 	return 0;
 }

-/*
- *	Close SSL connection.
- */
 void
 be_tls_close(Port *port)
 {
@ -566,9 +550,6 @@ be_tls_close(Port *port)
 	}
 }

-/*
- *	Read data from a secure connection.
- */
 ssize_t
 be_tls_read(Port *port, void *ptr, size_t len, int *waitfor)
 {
@ -628,9 +609,6 @@ be_tls_read(Port *port, void *ptr, size_t len, int *waitfor)
 	return n;
 }

-/*
- *	Write data to a secure connection.
- */
 ssize_t
 be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
 {
@ -1106,9 +1084,6 @@ SSLerrmessage(unsigned long ecode)
 	return errbuf;
 }

-/*
- * Return information about the SSL connection
- */
 int
 be_tls_get_cipher_bits(Port *port)
 {
@ -1159,12 +1134,6 @@ be_tls_get_peerdn_name(Port *port, char *ptr, size_t len)
 		ptr[0] = '\0';
 }

-/*
- * Routine to get the expected TLS Finished message information from the
- * client, useful for authorization when doing channel binding.
- *
- * Result is a palloc'd copy of the TLS Finished message with its size.
- */
 char *
 be_tls_get_peer_finished(Port *port, size_t *len)
 {
@ -1183,13 +1152,6 @@ be_tls_get_peer_finished(Port *port, size_t *len)
 	return result;
 }

-/*
- * Get the server certificate hash for SCRAM channel binding type
- * tls-server-end-point.
- *
- * The result is a palloc'd hash of the server certificate with its
- * size, and NULL if there is no certificate available.
- */
 char *
 be_tls_get_certificate_hash(Port *port, size_t *len)
 {