
Commiteb43af3

committed
Back out SSL changes. Newer patch available.
1 parenta9bd176 commiteb43af3

10 files changed

+208
-886
lines changed


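--- a/src/backend/libpq/Makefile
+++ b/src/backend/libpq/Makefile
@@ -4,7 +4,7 @@
 # Makefile for libpq subsystem (backend half of libpq interface)
 #
 # IDENTIFICATION
-# $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.31 2002/06/1403:56:46 momjian Exp $
+# $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.32 2002/06/1404:09:36 momjian Exp $
 #
 #-------------------------------------------------------------------------
 
@@ -14,8 +14,7 @@ include $(top_builddir)/src/Makefile.global
 
 # be-fsstubs is here for historical reasons, probably belongs elsewhere
 
-OBJS = be-fsstubs.o be-ssl.o auth.o crypt.o hba.o md5.o pqcomm.o\
-pqformat.o pqsignal.o
+OBJS = be-fsstubs.o auth.o crypt.o hba.o md5.o pqcomm.o pqformat.o pqsignal.o
 
 
 all: SUBSYS.o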

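--- a/src/backend/libpq/pqcomm.c
+++ b/src/backend/libpq/pqcomm.c
@@ -29,7 +29,7 @@
 * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
-*$Id: pqcomm.c,v 1.134 2002/06/1403:56:46 momjian Exp $
+*$Id: pqcomm.c,v 1.135 2002/06/1404:09:36 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -81,14 +81,6 @@
 #include"miscadmin.h"
 #include"storage/ipc.h"
 
-/* these functions are misnamed - they handle both SSL and non-SSL case */
-externssize_tread_SSL(Port*,void*ptr,size_tlen);
-externssize_twrite_SSL(Port*,constvoid*ptr,size_tlen);
-
-#ifdefUSE_SSL
-externvoidclose_SSL(Port*);
-#endif/* USE_SSL */
-
 
 staticvoidpq_close(void);
 
@@ -146,9 +138,6 @@ pq_close(void)
 {
 if (MyProcPort!=NULL)
 {
-#ifdefUSE_SSL
-close_SSL(MyProcPort);
-#endif/* USE_SSL */
 close(MyProcPort->sock);
 /* make sure any subsequent attempts to do I/O fail cleanly */
 MyProcPort->sock=-1;
@@ -427,7 +416,6 @@ StreamConnection(int server_fd, Port *port)
 void
 StreamClose(intsock)
 {
-/* FIXME - what about closing SSL connections? */
 close(sock);
 }
 
@@ -469,8 +457,14 @@ pq_recvbuf(void)
 {
 intr;
 
-r=read_SSL(MyProcPort,PqRecvBuffer+PqRecvLength,
-PQ_BUFFER_SIZE-PqRecvLength);
+#ifdefUSE_SSL
+if (MyProcPort->ssl)
+r=SSL_read(MyProcPort->ssl,PqRecvBuffer+PqRecvLength,
+PQ_BUFFER_SIZE-PqRecvLength);
+else
+#endif
+r=recv(MyProcPort->sock,PqRecvBuffer+PqRecvLength,
+PQ_BUFFER_SIZE-PqRecvLength,0);
 
 if (r<0)
 {
@@ -486,11 +480,7 @@ pq_recvbuf(void)
 elog(COMMERROR,"pq_recvbuf: recv() failed: %m");
 returnEOF;
 }
-#ifdefUSE_SSL
-if (r==0&& !MyProcPort->ssl)
-#else/* USE_SSL */
 if (r==0)
-#endif/* USE_SSL */
 {
 /* as above, only write to postmaster log */
 elog(COMMERROR,"pq_recvbuf: unexpected EOF on client connection");
@@ -661,13 +651,14 @@ pq_flush(void)
 {
 intr;
 
-r=write_SSL(MyProcPort,bufptr,bufend-bufptr);
-
 #ifdefUSE_SSL
-if (r<0|| (r==0&& !MyProcPort->ssl))
-#else/* USE_SSL */
+if (MyProcPort->ssl)
+r=SSL_write(MyProcPort->ssl,bufptr,bufend-bufptr);
+else
+#endif
+r=send(MyProcPort->sock,bufptr,bufend-bufptr,0);
+
 if (r <=0)
-#endif/* USE_SSL */
 {
 if (errno==EINTR)
 continue;/* Ok if we were interrupted */
@@ -712,9 +703,8 @@ int
 pq_eof(void)
 {
 charx;
-intres=1;
+intres;
 
-#ifndefUSE_SSL/* not a good solution, but better than nothing */
 res=recv(MyProcPort->sock,&x,1,MSG_PEEK);
 
 if (res<0)
@@ -723,8 +713,6 @@ pq_eof(void)
 elog(COMMERROR,"pq_eof: recv() failed: %m");
 returnEOF;
 }
-#endif/* USE_SSL */
-
 if (res==0)
 returnEOF;
 else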
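Review bot: In the pq_recvbuf and pq_flush hunks the error handling that follows the restored `SSL_read`/`SSL_write` calls is still written for recv()/send(): the `if (r<0)` branch logs `pq_recvbuf: recv() failed: %m` and pq_flush retries on `errno==EINTR`, but when `MyProcPort->ssl` is set the cause of a non-positive return lives in OpenSSL's error queue, so a TLS-level failure is reported under the wrong message with an errno that may be stale. On the SSL branch, classify the result with `SSL_get_error(MyProcPort->ssl, r)` before falling into the socket-oriented handling, and log the `ERR_reason_error_string` text instead of `%m`. pq_eof now does `recv(MyProcPort->sock,&x,1,MSG_PEEK)` on the raw socket even when TLS is active; that still detects a closed peer, but it says nothing about the TLS layer, which the removed `#ifndef USE_SSL /* not a good solution ... */` line at least acknowledged — a one-line comment to that effect would keep the caveat visible. pq_recvbuf, pq_flush and pq_eof each continue outside their hunks.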

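--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -37,7 +37,7 @@
 *
 *
 * IDENTIFICATION
-* $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.277 2002/06/1403:56:47 momjian Exp $
+* $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.278 2002/06/1404:09:36 momjian Exp $
 *
 * NOTES
 *
@@ -165,6 +165,10 @@ static intServerSock_INET = INVALID_SOCK;/* stream socket server */
 staticintServerSock_UNIX=INVALID_SOCK;/* stream socket server */
 #endif
 
+#ifdefUSE_SSL
+staticSSL_CTX*SSL_context=NULL;/* Global SSL context */
+#endif
+
 /*
 * Set by the -o option
 */
@@ -270,10 +274,8 @@ __attribute__((format(printf, 1, 2)));
 #defineShutdownDataBase()SSDataBase(BS_XLOG_SHUTDOWN)
 
 #ifdefUSE_SSL
-externintinitialize_ctx(constchar*,void (*err)(constchar*fmt,...));
-externvoiddestroy_ctx(void);
-externintopen_SSL_server(Port*);
-externvoidclose_SSL(Port*);
+staticvoidInitSSL(void);
+staticconstchar*SSLerrmessage(void);
 #endif
 
 
@@ -607,10 +609,7 @@ PostmasterMain(int argc, char *argv[])
 ExitPostmaster(1);
 }
 if (EnableSSL)
-{
-if (initialize_ctx(NULL,postmaster_error)==-1)
-ExitPostmaster(1);
-}
+InitSSL();
 #endif
 
 /*
@@ -1115,9 +1114,13 @@ ProcessStartupPacket(Port *port, bool SSLdone)
 
 #ifdefUSE_SSL
 if (SSLok=='S')
-{
-if (open_SSL_server(port)!=STATUS_OK)
+{
+if (!(port->ssl=SSL_new(SSL_context))||
+!SSL_set_fd(port->ssl,port->sock)||
+SSL_accept(port->ssl) <=0)
 {
+elog(LOG,"failed to initialize SSL connection: %s (%m)",
+SSLerrmessage());
 returnSTATUS_ERROR;
 }
 }
@@ -1319,10 +1322,9 @@ static void
 ConnFree(Port*conn)
 {
 #ifdefUSE_SSL
-close_SSL(conn);
+if (conn->ssl)
+SSL_free(conn->ssl);
 #endif
-if (conn->sock!=-1)
-close(conn->sock);
 free(conn);
 }
 
@@ -2422,6 +2424,72 @@ CountChildren(void)
 returncnt;
 }
 
+#ifdefUSE_SSL
+
+/*
+* Initialize SSL library and structures
+*/
+staticvoid
+InitSSL(void)
+{
+charfnbuf[2048];
+
+SSL_load_error_strings();
+SSL_library_init();
+SSL_context=SSL_CTX_new(SSLv23_method());
+if (!SSL_context)
+{
+postmaster_error("failed to create SSL context: %s",
+SSLerrmessage());
+ExitPostmaster(1);
+}
+snprintf(fnbuf,sizeof(fnbuf),"%s/server.crt",DataDir);
+if (!SSL_CTX_use_certificate_file(SSL_context,fnbuf,SSL_FILETYPE_PEM))
+{
+postmaster_error("failed to load server certificate (%s): %s",
+fnbuf,SSLerrmessage());
+ExitPostmaster(1);
+}
+snprintf(fnbuf,sizeof(fnbuf),"%s/server.key",DataDir);
+if (!SSL_CTX_use_PrivateKey_file(SSL_context,fnbuf,SSL_FILETYPE_PEM))
+{
+postmaster_error("failed to load private key file (%s): %s",
+fnbuf,SSLerrmessage());
+ExitPostmaster(1);
+}
+if (!SSL_CTX_check_private_key(SSL_context))
+{
+postmaster_error("check of private key failed: %s",
+SSLerrmessage());
+ExitPostmaster(1);
+}
+}
+
+/*
+* Obtain reason string for last SSL error
+*
+* Some caution is needed here since ERR_reason_error_string will
+* return NULL if it doesn't recognize the error code. We don't
+* want to return NULL ever.
+*/
+staticconstchar*
+SSLerrmessage(void)
+{
+unsigned longerrcode;
+constchar*errreason;
+staticcharerrbuf[32];
+
+errcode=ERR_get_error();
+if (errcode==0)
+return"No SSL error reported";
+errreason=ERR_reason_error_string(errcode);
+if (errreason!=NULL)
+returnerrreason;
+snprintf(errbuf,sizeof(errbuf),"SSL error code %lu",errcode);
+returnerrbuf;
+}
+
+#endif/* USE_SSL */
 
 /*
 * Fire off a subprocess for startup/shutdown/checkpoint.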
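Review bot: InitSSL creates the context with `SSL_context=SSL_CTX_new(SSLv23_method());` and sets no options on it, so the restored server will negotiate SSLv2 with any client that offers it; add `SSL_CTX_set_options(SSL_context, SSL_OP_NO_SSLv2);` immediately after the `if (!SSL_context)` check. The private key at `%s/server.key` is loaded with no check on the file's ownership or mode, so a world-readable key is accepted silently — at minimum a comment on the `SSL_CTX_use_PrivateKey_file` call noting that the file's permissions are left to the administrator. In the ProcessStartupPacket hunk, `elog(LOG,"failed to initialize SSL connection: %s (%m)", SSLerrmessage())` appends errno to an OpenSSL reason string, but errno is only meaningful when SSL_accept reported SSL_ERROR_SYSCALL, so the `(%m)` part can name an unrelated error. Since this commit backs out the earlier SSL patch, these points apply to the restored code rather than to anything newly written.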

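--- a/src/bin/psql/startup.c
+++ b/src/bin/psql/startup.c
@@ -3,7 +3,7 @@
 *
 * Copyright 2000 by PostgreSQL Global Development Group
 *
-* $Header: /cvsroot/pgsql/src/bin/psql/startup.c,v 1.58 2002/06/1403:56:47 momjian Exp $
+* $Header: /cvsroot/pgsql/src/bin/psql/startup.c,v 1.59 2002/06/1404:09:36 momjian Exp $
 */
 #include"postgres_fe.h"
 
@@ -678,33 +678,14 @@ printSSLInfo(void)
 {
 intsslbits=-1;
 SSL*ssl;
-X509*peer;
-charsn[256];
-longl;
 
 ssl=PQgetssl(pset.db);
 if (!ssl)
 return;/* no SSL */
 
-/*peer = pset.db.peer; */
-if ((peer=SSL_get_peer_certificate(ssl))!=NULL)
-{
-X509_NAME_oneline(X509_get_subject_name(peer),sn,sizeofsn);
-}
-else
-{
-strncpy(sn,"(anonymous)",sizeofsn);
-}
-printf(gettext("SSL connection\n"));
-printf(gettext("(host: %s)\n"),sn);
-
 SSL_get_cipher_bits(ssl,&sslbits);
-printf(gettext("(protocol: %s)\n"),SSL_get_version(ssl)),
-printf(gettext("(cipher: %s, bits: %i)\n"),
+printf(gettext("SSL connection (cipher: %s, bits: %i)\n\n"),
 SSL_get_cipher(ssl),sslbits);
-l=SSL_get_default_timeout(ssl);
-printf(gettext("(timeout: %ld:%02ld:%02ld)\n\n"),
-l /3600L, (l /60L) %60L,l %60L);
 }
 
 #endif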

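--- a/src/include/libpq/libpq-be.h
+++ b/src/include/libpq/libpq-be.h
@@ -11,7 +11,7 @@
 * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
-* $Id: libpq-be.h,v 1.28 2002/06/1403:56:47 momjian Exp $
+* $Id: libpq-be.h,v 1.29 2002/06/1404:09:37 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -70,7 +70,6 @@ typedef struct Port
 */
 #ifdefUSE_SSL
 SSL*ssl;
-X509*peer;
 #endif
 }Port;
 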

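--- a/src/interfaces/libpq/Makefile
+++ b/src/interfaces/libpq/Makefile
@@ -4,7 +4,7 @@
 #
 # Copyright (c) 1994, Regents of the University of California
 #
-# $Header: /cvsroot/pgsql/src/interfaces/libpq/Makefile,v 1.60 2002/06/1403:56:47 momjian Exp $
+# $Header: /cvsroot/pgsql/src/interfaces/libpq/Makefile,v 1.61 2002/06/1404:09:37 momjian Exp $
 #
 #-------------------------------------------------------------------------
 
@@ -20,7 +20,7 @@ SO_MINOR_VERSION= 2
 overrideCPPFLAGS := -I$(srcdir)$(CPPFLAGS) -DFRONTEND -DSYSCONFDIR='"$(sysconfdir)"'
 
 OBJS= fe-auth.o fe-connect.o fe-exec.o fe-misc.o fe-print.o fe-lobj.o\
-pqexpbuffer.o dllist.o md5.o pqsignal.ofe-ssl.o\
+pqexpbuffer.o dllist.o md5.o pqsignal.o\
 $(INET_ATON)$(SNPRINTF)$(STRERROR)
 
 ifdefMULTIBYTE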
