Commit03a0e0d

committed

libpq: Enforce ALPN in direct SSL connections

ALPN is mandatory with direct SSL connections. That is documented, andthe server checks it, but libpq was missing the check.Reported-by: Jacob ChampionReviewed-by: Michael PaquierDiscussion:https://www.postgresql.org/message-id/CAOYmi+=sj+1uydS0NR4nYzw-LRWp3Q-s5speBug5UCLSPMbvGA@mail.gmail.com

1 parent87d2801 commit03a0e0dCopy full SHA for 03a0e0d

File tree

+28

-0

lines changed

+28

-0

lines changed

Lines changed: 28 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1585,6 +1585,34 @@ open_client_SSL(PGconn *conn)`
`1585`	`1585`	`}`
`1586`	`1586`	`}`
`1587`	`1587`
	`1588`	`+/* ALPN is mandatory with direct SSL connections */`
	`1589`	`+if (conn->current_enc_method==ENC_DIRECT_SSL)`
	`1590`	`+{`
	`1591`	`+constunsignedchar*selected;`
	`1592`	`+unsignedintlen;`
	`1593`	`+`
	`1594`	`+SSL_get0_alpn_selected(conn->ssl,&selected,&len);`
	`1595`	`+`
	`1596`	`+if (selected==NULL)`
	`1597`	`+{`
	`1598`	`+libpq_append_conn_error(conn,"direct SSL connection was established without ALPN protocol negotiation extension");`
	`1599`	`+pgtls_close(conn);`
	`1600`	`+returnPGRES_POLLING_FAILED;`
	`1601`	`+}`
	`1602`	`+`
	`1603`	`+/*`
	`1604`	`+ * We only support one protocol so that's what the negotiation should`
	`1605`	`+ * always choose, but doesn't hurt to check.`
	`1606`	`+ */`
	`1607`	`+if (len!=strlen(PG_ALPN_PROTOCOL)\|\|`
	`1608`	`+memcmp(selected,PG_ALPN_PROTOCOL,strlen(PG_ALPN_PROTOCOL))!=0)`
	`1609`	`+{`
	`1610`	`+libpq_append_conn_error(conn,"SSL connection was established with unexpected ALPN protocol");`
	`1611`	`+pgtls_close(conn);`
	`1612`	`+returnPGRES_POLLING_FAILED;`
	`1613`	`+}`
	`1614`	`+}`
	`1615`	`+`
`1588`	`1616`	`/*`
`1589`	`1617`	`* We already checked the server certificate in initialize_SSL() using`
`1590`	`1618`	`* SSL_CTX_set_verify(), if root.crt exists.`

Comments

(0)