NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitaf0e79c

committed

Move SSL information callback earlier to capture more information

The callback for retrieving state change information during connectionsetup was only installed when the connection was mostly set up, andthus didn't provide much information and missed all the details relatedto the handshake.This also extends the callback with SSL_state_string_long() to printmore information about the state change within the SSL object handled.While there, fix some comments which were incorrectly referring to thecallback and its previous location in fe-secure.c.Author: Daniel GustafssonDiscussion:https://postgr.es/m/232CF476-94E1-42F1-9408-719E2AEC5491@yesql.se

1 parent27a48e5 commitaf0e79cCopy full SHA for af0e79c

File tree

3 files changed

+16

-18

lines changed

src
- backend/libpq
  - be-secure-openssl.c
- interfaces/libpq
  - fe-secure-openssl.c
  - fe-secure.c

3 files changed

+16

-18

lines changed

`‎src/backend/libpq/be-secure-openssl.c‎`

Lines changed: 15 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -381,6 +381,9 @@ be_tls_open_server(Port *port)`
`381`	`381`	`return-1;`
`382`	`382`	`}`
`383`	`383`
	`384`	`+/* set up debugging/info callback */`
	`385`	`+SSL_CTX_set_info_callback(SSL_context,info_cb);`
	`386`	`+`
`384`	`387`	`if (!(port->ssl=SSL_new(SSL_context)))`
`385`	`388`	`{`
`386`	`389`	`ereport(COMMERROR,`
`@@ -562,9 +565,6 @@ be_tls_open_server(Port *port)`
`562`	`565`	`port->peer_cert_valid= true;`
`563`	`566`	`}`
`564`	`567`
`565`		`-/* set up debugging/info callback */`
`566`		`-SSL_CTX_set_info_callback(SSL_context,info_cb);`
`567`		`-`
`568`	`568`	`return0;`
`569`	`569`	`}`
`570`	`570`
`@@ -999,39 +999,43 @@ verify_cb(int ok, X509_STORE_CTX *ctx)`
`999`	`999`	`staticvoid`
`1000`	`1000`	`info_cb(constSSL*ssl,inttype,intargs)`
`1001`	`1001`	`{`
	`1002`	`+constchar*desc;`
	`1003`	`+`
	`1004`	`+desc=SSL_state_string_long(ssl);`
	`1005`	`+`
`1002`	`1006`	`switch (type)`
`1003`	`1007`	`{`
`1004`	`1008`	`caseSSL_CB_HANDSHAKE_START:`
`1005`	`1009`	`ereport(DEBUG4,`
`1006`		`-(errmsg_internal("SSL: handshake start")));`
	`1010`	`+(errmsg_internal("SSL: handshake start: \"%s\"",desc)));`
`1007`	`1011`	`break;`
`1008`	`1012`	`caseSSL_CB_HANDSHAKE_DONE:`
`1009`	`1013`	`ereport(DEBUG4,`
`1010`		`-(errmsg_internal("SSL: handshake done")));`
	`1014`	`+(errmsg_internal("SSL: handshake done: \"%s\"",desc)));`
`1011`	`1015`	`break;`
`1012`	`1016`	`caseSSL_CB_ACCEPT_LOOP:`
`1013`	`1017`	`ereport(DEBUG4,`
`1014`		`-(errmsg_internal("SSL: accept loop")));`
	`1018`	`+(errmsg_internal("SSL: accept loop: \"%s\"",desc)));`
`1015`	`1019`	`break;`
`1016`	`1020`	`caseSSL_CB_ACCEPT_EXIT:`
`1017`	`1021`	`ereport(DEBUG4,`
`1018`		`-(errmsg_internal("SSL: accept exit (%d)",args)));`
	`1022`	`+(errmsg_internal("SSL: accept exit (%d): \"%s\"",args,desc)));`
`1019`	`1023`	`break;`
`1020`	`1024`	`caseSSL_CB_CONNECT_LOOP:`
`1021`	`1025`	`ereport(DEBUG4,`
`1022`		`-(errmsg_internal("SSL: connect loop")));`
	`1026`	`+(errmsg_internal("SSL: connect loop: \"%s\"",desc)));`
`1023`	`1027`	`break;`
`1024`	`1028`	`caseSSL_CB_CONNECT_EXIT:`
`1025`	`1029`	`ereport(DEBUG4,`
`1026`		`-(errmsg_internal("SSL: connect exit (%d)",args)));`
	`1030`	`+(errmsg_internal("SSL: connect exit (%d): \"%s\"",args,desc)));`
`1027`	`1031`	`break;`
`1028`	`1032`	`caseSSL_CB_READ_ALERT:`
`1029`	`1033`	`ereport(DEBUG4,`
`1030`		`-(errmsg_internal("SSL: read alert (0x%04x)",args)));`
	`1034`	`+(errmsg_internal("SSL: read alert (0x%04x): \"%s\"",args,desc)));`
`1031`	`1035`	`break;`
`1032`	`1036`	`caseSSL_CB_WRITE_ALERT:`
`1033`	`1037`	`ereport(DEBUG4,`
`1034`		`-(errmsg_internal("SSL: write alert (0x%04x)",args)));`
	`1038`	`+(errmsg_internal("SSL: write alert (0x%04x): \"%s\"",args,desc)));`
`1035`	`1039`	`break;`
`1036`	`1040`	`}`
`1037`	`1041`	`}`

`‎src/interfaces/libpq/fe-secure-openssl.c‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,7 @@`
`14`	`14`	`* NOTES`
`15`	`15`	`*`
`16`	`16`	`* We don't provide informational callbacks here (like`
`17`		`- * info_cb() in be-secure.c), since there's no good mechanism to`
	`17`	`+ * info_cb() in be-secure-openssl.c), since there's no good mechanism to`
`18`	`18`	`* display such information to the user.`
`19`	`19`	`*`
`20`	`20`	`*-------------------------------------------------------------------------`

`‎src/interfaces/libpq/fe-secure.c‎`

Lines changed: 0 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -13,12 +13,6 @@`
`13`	`13`	`* IDENTIFICATION`
`14`	`14`	`* src/interfaces/libpq/fe-secure.c`
`15`	`15`	`*`
`16`		`- * NOTES`
`17`		`- *`
`18`		`- * We don't provide informational callbacks here (like`
`19`		`- * info_cb() in be-secure.c), since there's no good mechanism to`
`20`		`- * display such information to the user.`
`21`		`- *`
`22`	`16`	`*-------------------------------------------------------------------------`
`23`	`17`	`*/`
`24`	`18`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitaf0e79c

File tree

3 files changed

3 files changed

`‎src/backend/libpq/be-secure-openssl.c‎`

`‎src/interfaces/libpq/fe-secure-openssl.c‎`

`‎src/interfaces/libpq/fe-secure.c‎`

0 commit comments