Commit b56af49

The second was that renegotiation was just plain broken. I can't
believe I didn't notice this before -- once 64k was sent to/from the server the client would crash. Basically, in 7.3 the server SSL code set the initial state to "about to renegotiate" without actually starting the renegotiation. In addition, the server and client didn't properly handle the SSL_ERROR_WANT_(READ|WRITE) error. This is fixed in the second patch.

Nathan Mueller
1 parent 6ccb5ae, commit b56af49

2 files changed: +15 -9 lines changed

‎src/backend/libpq/be-secure.c

Lines changed: 12 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@
1111
*
1212
*
1313
* IDENTIFICATION
14-
* $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.22 2003/01/0822:56:58 momjian Exp $
14+
* $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.23 2003/01/0823:18:25 momjian Exp $
1515
*
1616
* Since the server static private key ($DataDir/server.key)
1717
* will normally be stored unencrypted so that the database
@@ -273,19 +273,14 @@ secure_read(Port *port, void *ptr, size_t len)
273273
#ifdefUSE_SSL
274274
if (port->ssl)
275275
{
276-
if (port->count>RENEGOTIATION_LIMIT)
277-
{
278-
SSL_renegotiate(port->ssl);
279-
port->count=0;
280-
}
281-
282276
n=SSL_read(port->ssl,ptr,len);
283277
switch (SSL_get_error(port->ssl,n))
284278
{
285279
caseSSL_ERROR_NONE:
286280
port->count+=n;
287281
break;
288282
caseSSL_ERROR_WANT_READ:
283+
n=secure_read(port,ptr,len);
289284
break;
290285
caseSSL_ERROR_SYSCALL:
291286
if (n==-1)
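
Review bot: with the renegotiation check removed from secure_read, port->count is still incremented in the SSL_ERROR_NONE case (port->count+=n), but the limit is now only tested in secure_write. A connection that mostly receives data will run past RENEGOTIATION_LIMIT until the next write happens. If that deferral is intended, say so in a comment at the SSL_ERROR_NONE case; otherwise the read path needs its own trigger that goes through the same corrected renegotiation sequence.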
@@ -325,7 +320,15 @@ secure_write(Port *port, const void *ptr, size_t len)
325320
{
326321
if (port->count>RENEGOTIATION_LIMIT)
327322
{
328-
SSL_renegotiate(port->ssl);
323+
SSL_set_session_id_context(port->ssl, (void*)&SSL_context,sizeof(SSL_context));
324+
325+
if (SSL_renegotiate(port->ssl) <=0)
326+
elog(COMMERROR,"SSL renegotiation failure");
327+
if (SSL_do_handshake(port->ssl) <=0)
328+
elog(COMMERROR,"SSL renegotiation failure");
329+
port->ssl->state=SSL_ST_ACCEPT;
330+
if (SSL_do_handshake(port->ssl) <=0)
331+
elog(COMMERROR,"SSL renegotiation failure");
329332
port->count=0;
330333
}
331334
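
Review bot: every failure branch in the new renegotiation block only logs and falls through. If SSL_renegotiate or either SSL_do_handshake returns <= 0, the code still runs the next step, resets port->count=0 and carries on writing over the connection. Consider returning an error or closing the connection at the first failure. The three elog calls also use the identical text "SSL renegotiation failure", so the log cannot show which step failed. The direct assignment port->ssl->state=SSL_ST_ACCEPT writes into a field of the SSL object and deserves a comment explaining why the second handshake needs it.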

@@ -336,6 +339,7 @@ secure_write(Port *port, const void *ptr, size_t len)
336339
port->count+=n;
337340
break;
338341
caseSSL_ERROR_WANT_WRITE:
342+
n=secure_read(port,ptr,len);
339343
break;
340344
caseSSL_ERROR_SYSCALL:
341345
if (n==-1)
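
Review bot: the SSL_ERROR_WANT_WRITE case in secure_write retries with n=secure_read(port,ptr,len), which looks like a copy-paste from the read path. ptr is const void * in secure_write while secure_read takes void *, so this would read incoming bytes into the caller's outgoing buffer instead of sending it again. The client-side pqsecure_write in this same commit retries with pqsecure_write; the server side should be n=secure_write(port,ptr,len).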

‎src/interfaces/libpq/fe-secure.c

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@
1111
*
1212
*
1313
* IDENTIFICATION
14-
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v 1.19 2003/01/0822:56:58 momjian Exp $
14+
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v 1.20 2003/01/0823:18:25 momjian Exp $
1515
*
1616
* NOTES
1717
* The client *requires* a valid server certificate. Since
@@ -268,6 +268,7 @@ pqsecure_read(PGconn *conn, void *ptr, size_t len)
268268
caseSSL_ERROR_NONE:
269269
break;
270270
caseSSL_ERROR_WANT_READ:
271+
n=pqsecure_read(conn,ptr,len);
271272
break;
272273
caseSSL_ERROR_SYSCALL:
273274
if (n==-1)
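
Review bot: the SSL_ERROR_WANT_READ retry in pqsecure_read recurses immediately via n=pqsecure_read(conn,ptr,len), without waiting for the socket to become readable and without any depth limit. If the data has not arrived yet the call simply repeats, using more stack each time. A loop that waits for readability before calling SSL_read again would be safer. The same applies to the recursive retry added to the server's secure_read.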
@@ -314,6 +315,7 @@ pqsecure_write(PGconn *conn, const void *ptr, size_t len)
314315
caseSSL_ERROR_NONE:
315316
break;
316317
caseSSL_ERROR_WANT_WRITE:
318+
n=pqsecure_write(conn,ptr,len);
317319
break;
318320
caseSSL_ERROR_SYSCALL:
319321
if (n==-1)
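
Review bot: the cases visible in pqsecure_write handle SSL_ERROR_WANT_WRITE but not SSL_ERROR_WANT_READ. During a renegotiation SSL_write can report WANT_READ because the handshake has to read from the peer, which is exactly the situation this commit addresses. Unless that case is handled below the shown context, add a WANT_READ case to the write path (and a WANT_WRITE case to pqsecure_read) with the same retry.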
