Commit91d568e

committed

Fix the sense of the test on DH_check()'s return value. This was preventing

custom-generated DH parameters from actually being used by the server.Found by Michael Fuhr.

1 parent2246e31 commit91d568eCopy full SHA for 91d568e

File tree

-2

lines changed

-2

lines changed

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@`
`11`	`11`	`*`
`12`	`12`	`*`
`13`	`13`	`* IDENTIFICATION`
`14`		`- * $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.69 2006/05/06 02:24:39 momjian Exp $`
	`14`	`+ * $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.70 2006/05/12 22:44:36 tgl Exp $`
`15`	`15`	`*`
`16`	`16`	`* Since the server static private key ($DataDir/server.key)`
`17`	`17`	`* will normally be stored unencrypted so that the database`
`@@ -524,7 +524,7 @@ load_dh_file(int keylength)`
`524`	`524`	`/* make sure the DH parameters are usable */`
`525`	`525`	`if (dh!=NULL)`
`526`	`526`	`{`
`527`		`-if (DH_check(dh,&codes))`
	`527`	`+if (DH_check(dh,&codes)==0)`
`528`	`528`	`{`
`529`	`529`	`elog(LOG,"DH_check error (%s): %s",fnbuf,SSLerrmessage());`
`530`	`530`	`returnNULL;`

Comments

(0)