Commit680513a

committed
Break out OpenSSL-specific code to separate files.
This refactoring is in preparation for adding support for other SSL implementations, with no user-visible effects. There are now two #defines, USE_OPENSSL which is defined when building with OpenSSL, and USE_SSL which is defined when building with any SSL implementation. Currently, OpenSSL is the only implementation so the two #defines go together, but USE_SSL is supposed to be used for implementation-independent code. The libpq SSL code is changed to use a custom BIO, which does all the raw I/O, like we've been doing in the backend for a long time. That makes it possible to use MSG_NOSIGNAL to block SIGPIPE when using SSL, which avoids a couple of syscalls for each send(). Probably doesn't make much performance difference in practice - the SSL encryption is expensive enough to mask the effect - but it was a natural result of this refactoring. Based on a patch by Martijn van Oosterhout from 2006. Briefly reviewed by Alvaro Herrera, Andreas Karlsson, Jeff Janes.
1 parent6aa6158 commit680513a

26 files changed

+2771
-2417
lines changed

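--- a/configure
+++ b/configure
@@ -5492,7 +5492,7 @@ if test "${with_openssl+set}" = set; then :
 case$withvalin
 yes)
 
-$as_echo"#defineUSE_SSL 1">>confdefs.h
+$as_echo"#defineUSE_OPENSSL 1">>confdefs.h
 
 ;;
 no)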

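--- a/configure.in
+++ b/configure.in
@@ -657,7 +657,7 @@ AC_MSG_RESULT([$with_bonjour])
 #
 AC_MSG_CHECKING([whether to build with OpenSSL support])
 PGAC_ARG_BOOL(with, openssl, no, [build with OpenSSL support],
-[AC_DEFINE([USE_SSL], 1, [Define to build with(Open)SSL support. (--with-openssl)])])
+[AC_DEFINE([USE_OPENSSL], 1, [Define to build withOpenSSL support. (--with-openssl)])])
 AC_MSG_RESULT([$with_openssl])
 AC_SUBST(with_openssl)
 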
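--- a/src/backend/libpq/Makefile
+++ b/src/backend/libpq/Makefile
@@ -17,4 +17,8 @@ include $(top_builddir)/src/Makefile.global
 OBJS = be-fsstubs.o be-secure.o auth.o crypt.o hba.o ip.o md5.o pqcomm.o\
 pqformat.o pqsignal.o
 
+ifeq ($(with_openssl),yes)
+OBJS += be-secure-openssl.o
+endif
+
 include$(top_srcdir)/src/backend/common.mk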

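--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -161,7 +161,7 @@ static intpg_SSPI_recvauth(Port *port);
 * RADIUS Authentication
 *----------------------------------------------------------------
 */
-#ifdefUSE_SSL
+#ifdefUSE_OPENSSL
 #include<openssl/rand.h>
 #endif
 staticintCheckRADIUSAuth(Port*port);
@@ -330,7 +330,7 @@ ClientAuthentication(Port *port)
 * already if it didn't verify ok.
 */
 #ifdefUSE_SSL
-if (!port->peer)
+if (!port->peer_cert_valid)
 {
 ereport(FATAL,
 (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
@@ -378,7 +378,7 @@ ClientAuthentication(Port *port)
 (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
 errmsg("pg_hba.conf rejects replication connection for host \"%s\", user \"%s\", %s",
 hostinfo,port->user_name,
-port->ssl ?_("SSL on") :_("SSL off"))));
+port->ssl_in_use ?_("SSL on") :_("SSL off"))));
 #else
 ereport(FATAL,
 (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
@@ -394,7 +394,7 @@ ClientAuthentication(Port *port)
 errmsg("pg_hba.conf rejects connection for host \"%s\", user \"%s\", database \"%s\", %s",
 hostinfo,port->user_name,
 port->database_name,
-port->ssl ?_("SSL on") :_("SSL off"))));
+port->ssl_in_use ?_("SSL on") :_("SSL off"))));
 #else
 ereport(FATAL,
 (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
@@ -452,7 +452,7 @@ ClientAuthentication(Port *port)
 (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
 errmsg("no pg_hba.conf entry for replication connection from host \"%s\", user \"%s\", %s",
 hostinfo,port->user_name,
-port->ssl ?_("SSL on") :_("SSL off")),
+port->ssl_in_use ?_("SSL on") :_("SSL off")),
 HOSTNAME_LOOKUP_DETAIL(port)));
 #else
 ereport(FATAL,
@@ -470,7 +470,7 @@ ClientAuthentication(Port *port)
 errmsg("no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\", %s",
 hostinfo,port->user_name,
 port->database_name,
-port->ssl ?_("SSL on") :_("SSL off")),
+port->ssl_in_use ?_("SSL on") :_("SSL off")),
 HOSTNAME_LOOKUP_DETAIL(port)));
 #else
 ereport(FATAL,
@@ -2315,7 +2315,7 @@ CheckRADIUSAuth(Port *port)
 /* Construct RADIUS packet */
 packet->code=RADIUS_ACCESS_REQUEST;
 packet->length=RADIUS_HEADER_LENGTH;
-#ifdefUSE_SSL
+#ifdefUSE_OPENSSL
 if (RAND_bytes(packet->vector,RADIUS_VECTOR_LENGTH)!=1)
 {
 ereport(LOG,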
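Review bot: The client-certificate gate in the second hunk (`if (!port->peer_cert_valid)`) now rests on a boolean whose writer is not in this file, so the contract should be stated where the flag is read. With the old `port->peer` test a missing certificate object was itself the failure signal; with the flag, the FATAL path fires correctly only if every SSL implementation leaves it false until the client chain has verified, which cannot be confirmed from these hunks. I would add above the test a comment such as `/* peer_cert_valid is set by the SSL layer only after the client certificate verified; it must stay false otherwise */`. ClientAuthentication's body starts and ends outside the hunk.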
