Commit401aad6

committed
Rename connection parameters to control min/max SSL protocol version in libpq
The libpq parameters ssl{max|min}protocolversion are renamed to use
underscores, to become ssl_{max|min}_protocol_version. The related
environment variables still use the names introduced in commit ff8ca5f
that added the feature.

Per complaint from Peter Eisentraut (this was also mentioned by me in
the original patch review but the issue got discarded).

Author: Daniel Gustafsson
Reviewed-by: Peter Eisentraut, Michael Paquier
Discussion: https://postgr.es/m/b319e449-318d-e691-4997-1327e166fcc4@2ndquadrant.com
1 parent4ad047a commit401aad6

6 files changed

+42
-42
lines changed

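--- a/contrib/postgres_fdw/expected/postgres_fdw.out
+++ b/contrib/postgres_fdw/expected/postgres_fdw.out
@@ -8898,7 +8898,7 @@ DO $d$
 END;
 $d$;
 ERROR: invalid option "password"
-HINT: Valid options in this context are: service, passfile, channel_binding, connect_timeout, dbname, host, hostaddr, port, options, application_name, keepalives, keepalives_idle, keepalives_interval, keepalives_count, tcp_user_timeout, sslmode, sslcompression, sslcert, sslkey, sslrootcert, sslcrl, requirepeer,sslminprotocolversion, sslmaxprotocolversion, gssencmode, krbsrvname, gsslib, target_session_attrs, use_remote_estimate, fdw_startup_cost, fdw_tuple_cost, extensions, updatable, fetch_size
+HINT: Valid options in this context are: service, passfile, channel_binding, connect_timeout, dbname, host, hostaddr, port, options, application_name, keepalives, keepalives_idle, keepalives_interval, keepalives_count, tcp_user_timeout, sslmode, sslcompression, sslcert, sslkey, sslrootcert, sslcrl, requirepeer,ssl_min_protocol_version, ssl_max_protocol_version, gssencmode, krbsrvname, gsslib, target_session_attrs, use_remote_estimate, fdw_startup_cost, fdw_tuple_cost, extensions, updatable, fetch_size
 CONTEXT: SQL statement "ALTER SERVER loopback_nopw OPTIONS (ADD password 'dummypw')"
 PL/pgSQL function inline_code_block line 3 at EXECUTE
 -- If we add a password for our user mapping instead, we should get a different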

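--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -1736,8 +1736,8 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
 </listitem>
 </varlistentry>
 
-<varlistentry id="libpq-connect-sslminprotocolversion" xreflabel="sslminprotocolversion">
-<term><literal>sslminprotocolversion</literal></term>
+<varlistentry id="libpq-connect-ssl-min-protocol-version" xreflabel="ssl_min_protocol_version">
+<term><literal>ssl_min_protocol_version</literal></term>
 <listitem>
 <para>
 This parameter specifies the minimum SSL/TLS protocol version to allow
@@ -1752,8 +1752,8 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
 </listitem>
 </varlistentry>
 
-<varlistentry id="libpq-connect-sslmaxprotocolversion" xreflabel="sslmaxprotocolversion">
-<term><literal>sslmaxprotocolversion</literal></term>
+<varlistentry id="libpq-connect-ssl-max-protocol-version" xreflabel="ssl_max_protocol_version">
+<term><literal>ssl_max_protocol_version</literal></term>
 <listitem>
 <para>
 This parameter specifies the maximum SSL/TLS protocol version to allow
@@ -7164,7 +7164,7 @@ myEventProc(PGEventId evtId, void *evtInfo, void *passThrough)
 <primary><envar>PGSSLMINPROTOCOLVERSION</envar></primary>
 </indexterm>
 <envar>PGSSLMINPROTOCOLVERSION</envar> behaves the same as the <xref
-linkend="libpq-connect-sslminprotocolversion"/> connection parameter.
+linkend="libpq-connect-ssl-min-protocol-version"/> connection parameter.
 </para>
 </listitem>
 
@@ -7174,7 +7174,7 @@ myEventProc(PGEventId evtId, void *evtInfo, void *passThrough)
 <primary><envar>PGSSLMAXPROTOCOLVERSION</envar></primary>
 </indexterm>
 <envar>PGSSLMAXPROTOCOLVERSION</envar> behaves the same as the <xref
-linkend="libpq-connect-sslminprotocolversion"/> connection parameter.
+linkend="libpq-connect-ssl-min-protocol-version"/> connection parameter.
 </para>
 </listitem>
 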
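--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -320,13 +320,13 @@ static const internalPQconninfoOption PQconninfoOptions[] = {
 "Require-Peer","",10,
 offsetof(structpg_conn,requirepeer)},
 
-{"sslminprotocolversion","PGSSLMINPROTOCOLVERSION",NULL,NULL,
+{"ssl_min_protocol_version","PGSSLMINPROTOCOLVERSION",NULL,NULL,
 "SSL-Minimum-Protocol-Version","",8,/* sizeof("TLSv1.x") == 8 */
-offsetof(structpg_conn,sslminprotocolversion)},
+offsetof(structpg_conn,ssl_min_protocol_version)},
 
-{"sslmaxprotocolversion","PGSSLMAXPROTOCOLVERSION",NULL,NULL,
+{"ssl_max_protocol_version","PGSSLMAXPROTOCOLVERSION",NULL,NULL,
 "SSL-Maximum-Protocol-Version","",8,/* sizeof("TLSv1.x") == 8 */
-offsetof(structpg_conn,sslmaxprotocolversion)},
+offsetof(structpg_conn,ssl_max_protocol_version)},
 
 /*
 * As with SSL, all GSS options are exposed even in builds that don't have
@@ -1301,23 +1301,23 @@ connectOptions2(PGconn *conn)
 }
 
 /*
-* Validate TLS protocol versions forsslminprotocolversion and
-*sslmaxprotocolversion.
+* Validate TLS protocol versions forssl_min_protocol_version and
+*ssl_max_protocol_version.
 */
-if (!sslVerifyProtocolVersion(conn->sslminprotocolversion))
+if (!sslVerifyProtocolVersion(conn->ssl_min_protocol_version))
 {
 conn->status=CONNECTION_BAD;
 printfPQExpBuffer(&conn->errorMessage,
-libpq_gettext("invalidsslminprotocolversion value: \"%s\"\n"),
-conn->sslminprotocolversion);
+libpq_gettext("invalidssl_min_protocol_version value: \"%s\"\n"),
+conn->ssl_min_protocol_version);
 return false;
 }
-if (!sslVerifyProtocolVersion(conn->sslmaxprotocolversion))
+if (!sslVerifyProtocolVersion(conn->ssl_max_protocol_version))
 {
 conn->status=CONNECTION_BAD;
 printfPQExpBuffer(&conn->errorMessage,
-libpq_gettext("invalidsslmaxprotocolversion value: \"%s\"\n"),
-conn->sslmaxprotocolversion);
+libpq_gettext("invalidssl_max_protocol_version value: \"%s\"\n"),
+conn->ssl_max_protocol_version);
 return false;
 }
 
@@ -1328,8 +1328,8 @@ connectOptions2(PGconn *conn)
 * already-built SSL context when the connection is being established, as
 * it would be doomed anyway.
 */
-if (!sslVerifyProtocolRange(conn->sslminprotocolversion,
-conn->sslmaxprotocolversion))
+if (!sslVerifyProtocolRange(conn->ssl_min_protocol_version,
+conn->ssl_max_protocol_version))
 {
 conn->status=CONNECTION_BAD;
 printfPQExpBuffer(&conn->errorMessage,
@@ -4046,10 +4046,10 @@ freePGconn(PGconn *conn)
 free(conn->sslcompression);
 if (conn->requirepeer)
 free(conn->requirepeer);
-if (conn->sslminprotocolversion)
-free(conn->sslminprotocolversion);
-if (conn->sslmaxprotocolversion)
-free(conn->sslmaxprotocolversion);
+if (conn->ssl_min_protocol_version)
+free(conn->ssl_min_protocol_version);
+if (conn->ssl_max_protocol_version)
+free(conn->ssl_max_protocol_version);
 if (conn->gssencmode)
 free(conn->gssencmode);
 if (conn->krbsrvname)
@@ -7120,7 +7120,7 @@ pgpassfileWarning(PGconn *conn)
 /*
 * Check if the SSL procotol value given in input is valid or not.
 * This is used as a sanity check routine for the connection parameters
-*sslminprotocolversion andsslmaxprotocolversion.
+*ssl_min_protocol_version andssl_max_protocol_version.
 */
 staticbool
 sslVerifyProtocolVersion(constchar*version)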
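Review bot: The two `PQconninfoOptions[]` entries in the first hunk now pair an underscore-style keyword with an environment variable that keeps the run-together spelling (`ssl_min_protocol_version` next to `PGSSLMINPROTOCOLVERSION`), and nothing in the table says the mismatch is deliberate. A short comment above the entries would record it, for example `/* Keywords use underscores; the PGSSL*PROTOCOLVERSION envvars keep their original names. */`. The old keywords are dropped with no alias, so a connection string or foreign-server option that still sets `sslminprotocolversion` to pin a TLS floor would presumably be rejected as an unknown option rather than silently ignored. That is worth confirming, and stating in the release notes if the earlier names ever shipped. The array definition starts and ends outside the hunk.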

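--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -842,18 +842,18 @@ initialize_SSL(PGconn *conn)
 SSL_CTX_set_options(SSL_context,SSL_OP_NO_SSLv2 |SSL_OP_NO_SSLv3);
 
 /* Set the minimum and maximum protocol versions if necessary */
-if (conn->sslminprotocolversion&&
-strlen(conn->sslminprotocolversion)!=0)
+if (conn->ssl_min_protocol_version&&
+strlen(conn->ssl_min_protocol_version)!=0)
 {
 intssl_min_ver;
 
-ssl_min_ver=ssl_protocol_version_to_openssl(conn->sslminprotocolversion);
+ssl_min_ver=ssl_protocol_version_to_openssl(conn->ssl_min_protocol_version);
 
 if (ssl_min_ver==-1)
 {
 printfPQExpBuffer(&conn->errorMessage,
 libpq_gettext("invalid value \"%s\" for minimum version of SSL protocol\n"),
-conn->sslminprotocolversion);
+conn->ssl_min_protocol_version);
 SSL_CTX_free(SSL_context);
 return-1;
 }
@@ -871,18 +871,18 @@ initialize_SSL(PGconn *conn)
 }
 }
 
-if (conn->sslmaxprotocolversion&&
-strlen(conn->sslmaxprotocolversion)!=0)
+if (conn->ssl_max_protocol_version&&
+strlen(conn->ssl_max_protocol_version)!=0)
 {
 intssl_max_ver;
 
-ssl_max_ver=ssl_protocol_version_to_openssl(conn->sslmaxprotocolversion);
+ssl_max_ver=ssl_protocol_version_to_openssl(conn->ssl_max_protocol_version);
 
 if (ssl_max_ver==-1)
 {
 printfPQExpBuffer(&conn->errorMessage,
 libpq_gettext("invalid value \"%s\" for maximum version of SSL protocol\n"),
-conn->sslmaxprotocolversion);
+conn->ssl_max_protocol_version);
 SSL_CTX_free(SSL_context);
 return-1;
 }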

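--- a/src/interfaces/libpq/libpq-int.h
+++ b/src/interfaces/libpq/libpq-int.h
@@ -367,8 +367,8 @@ struct pg_conn
 char*krbsrvname;/* Kerberos service name */
 char*gsslib;/* What GSS library to use ("gssapi" or
 * "sspi") */
-char*sslminprotocolversion;/* minimum TLS protocol version */
-char*sslmaxprotocolversion;/* maximum TLS protocol version */
+char*ssl_min_protocol_version;/* minimum TLS protocol version */
+char*ssl_max_protocol_version;/* maximum TLS protocol version */
 
 /* Type of connection to make. Possible values: any, read-write. */
 char*target_session_attrs;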

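--- a/src/test/ssl/t/001_ssltests.pl
+++ b/src/test/ssl/t/001_ssltests.pl
@@ -357,22 +357,22 @@
 # Test min/max SSL protocol versions.
 test_connect_ok(
 $common_connstr,
-"sslrootcert=ssl/root+server_ca.crt sslmode=requiresslminprotocolversion=TLSv1.2sslmaxprotocolversion=TLSv1.2",
+"sslrootcert=ssl/root+server_ca.crt sslmode=requiressl_min_protocol_version=TLSv1.2ssl_max_protocol_version=TLSv1.2",
 "connection success with correct range of TLS protocol versions");
 test_connect_fails(
 $common_connstr,
-"sslrootcert=ssl/root+server_ca.crt sslmode=requiresslminprotocolversion=TLSv1.2sslmaxprotocolversion=TLSv1.1",
+"sslrootcert=ssl/root+server_ca.crt sslmode=requiressl_min_protocol_version=TLSv1.2ssl_max_protocol_version=TLSv1.1",
 qr/invalid SSL protocol version range/,
 "connection failure with incorrect range of TLS protocol versions");
 test_connect_fails(
 $common_connstr,
-"sslrootcert=ssl/root+server_ca.crt sslmode=requiresslminprotocolversion=incorrect_tls",
-qr/invalidsslminprotocolversion value/,
+"sslrootcert=ssl/root+server_ca.crt sslmode=requiressl_min_protocol_version=incorrect_tls",
+qr/invalidssl_min_protocol_version value/,
 "connection failure with an incorrect SSL protocol minimum bound");
 test_connect_fails(
 $common_connstr,
-"sslrootcert=ssl/root+server_ca.crt sslmode=requiresslmaxprotocolversion=incorrect_tls",
-qr/invalidsslmaxprotocolversion value/,
+"sslrootcert=ssl/root+server_ca.crt sslmode=requiressl_max_protocol_version=incorrect_tls",
+qr/invalidssl_max_protocol_version value/,
 "connection failure with an incorrect SSL protocol maximum bound");
 
 ### Server-side tests.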
