NotificationsYou must be signed in to change notification settings
Fork28
Star151

Commitc186954

committed

Use abstracted SSL API in server connection log messages

The existing "connection authorized" server log messages used OpenSSLAPI calls directly, even though similar abstracted API calls exist.Change to use the latter instead.Change the function prototype for the functions that return the TLSversion and the cipher to return const char * directly instead ofcopying into a buffer. That makes them slightly easier to use.Add bits= to the message. psql shows that, so we might as well show thesame information on the client and server.Reviewed-by: Daniel Gustafsson <daniel@yesql.se>Reviewed-by: Michael Paquier <michael.paquier@gmail.com>

1 parenta6ef00b commitc186954Copy full SHA for c186954

File tree

4 files changed

+26

-20

lines changed

src
- backend
  - libpq
    - be-secure-openssl.c
  - postmaster
    - pgstat.c
  - utils/init
    - postinit.c
- include/libpq
  - libpq-be.h

4 files changed

+26

-20

lines changed

`‎src/backend/libpq/be-secure-openssl.c`

Lines changed: 8 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -1047,22 +1047,22 @@ be_tls_get_compression(Port *port)`
`1047`	`1047`	`return false;`
`1048`	`1048`	`}`
`1049`	`1049`
`1050`		`-void`
`1051`		`-be_tls_get_version(Portport,charptr,size_tlen)`
	`1050`	`+constchar*`
	`1051`	`+be_tls_get_version(Port*port)`
`1052`	`1052`	`{`
`1053`	`1053`	`if (port->ssl)`
`1054`		`-strlcpy(ptr,SSL_get_version(port->ssl),len);`
	`1054`	`+returnSSL_get_version(port->ssl);`
`1055`	`1055`	`else`
`1056`		`-ptr[0]='\0';`
	`1056`	`+returnNULL;`
`1057`	`1057`	`}`
`1058`	`1058`
`1059`		`-void`
`1060`		`-be_tls_get_cipher(Portport,charptr,size_tlen)`
	`1059`	`+constchar*`
	`1060`	`+be_tls_get_cipher(Port*port)`
`1061`	`1061`	`{`
`1062`	`1062`	`if (port->ssl)`
`1063`		`-strlcpy(ptr,SSL_get_cipher(port->ssl),len);`
	`1063`	`+returnSSL_get_cipher(port->ssl);`
`1064`	`1064`	`else`
`1065`		`-ptr[0]='\0';`
	`1065`	`+returnNULL;`
`1066`	`1066`	`}`
`1067`	`1067`
`1068`	`1068`	`void`

`‎src/backend/postmaster/pgstat.c`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -2909,8 +2909,8 @@ pgstat_bestart(void)`
`2909`	`2909`	`beentry->st_ssl= true;`
`2910`	`2910`	`beentry->st_sslstatus->ssl_bits=be_tls_get_cipher_bits(MyProcPort);`
`2911`	`2911`	`beentry->st_sslstatus->ssl_compression=be_tls_get_compression(MyProcPort);`
`2912`		`-be_tls_get_version(MyProcPort,beentry->st_sslstatus->ssl_version,NAMEDATALEN);`
`2913`		`-be_tls_get_cipher(MyProcPort,beentry->st_sslstatus->ssl_cipher,NAMEDATALEN);`
	`2912`	`+strlcpy(beentry->st_sslstatus->ssl_version,be_tls_get_version(MyProcPort),NAMEDATALEN);`
	`2913`	`+strlcpy(beentry->st_sslstatus->ssl_cipher,be_tls_get_cipher(MyProcPort),NAMEDATALEN);`
`2914`	`2914`	`be_tls_get_peerdn_name(MyProcPort,beentry->st_sslstatus->ssl_clientdn,NAMEDATALEN);`
`2915`	`2915`	`}`
`2916`	`2916`	`else`

`‎src/backend/utils/init/postinit.c`

Lines changed: 14 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -246,12 +246,15 @@ PerformAuthentication(Port *port)`
`246`	`246`	`{`
`247`	`247`	`if (am_walsender)`
`248`	`248`	`{`
`249`		`-#ifdefUSE_OPENSSL`
	`249`	`+#ifdefUSE_SSL`
`250`	`250`	`if (port->ssl_in_use)`
`251`	`251`	`ereport(LOG,`
`252`		`-(errmsg("replication connection authorized: user=%s SSL enabled (protocol=%s, cipher=%s, compression=%s)",`
`253`		`-port->user_name,SSL_get_version(port->ssl),SSL_get_cipher(port->ssl),`
`254`		`-SSL_get_current_compression(port->ssl) ?_("on") :_("off"))));`
	`252`	`+(errmsg("replication connection authorized: user=%s SSL enabled (protocol=%s, cipher=%s, bits=%d, compression=%s)",`
	`253`	`+port->user_name,`
	`254`	`+be_tls_get_version(port),`
	`255`	`+be_tls_get_cipher(port),`
	`256`	`+be_tls_get_cipher_bits(port),`
	`257`	`+be_tls_get_compression(port) ?_("on") :_("off"))));`
`255`	`258`	`else`
`256`	`259`	`#endif`
`257`	`260`	`ereport(LOG,`
`@@ -260,12 +263,15 @@ PerformAuthentication(Port *port)`
`260`	`263`	`}`
`261`	`264`	`else`
`262`	`265`	`{`
`263`		`-#ifdefUSE_OPENSSL`
	`266`	`+#ifdefUSE_SSL`
`264`	`267`	`if (port->ssl_in_use)`
`265`	`268`	`ereport(LOG,`
`266`		`-(errmsg("connection authorized: user=%s database=%s SSL enabled (protocol=%s, cipher=%s, compression=%s)",`
`267`		`-port->user_name,port->database_name,SSL_get_version(port->ssl),SSL_get_cipher(port->ssl),`
`268`		`-SSL_get_current_compression(port->ssl) ?_("on") :_("off"))));`
	`269`	`+(errmsg("connection authorized: user=%s database=%s SSL enabled (protocol=%s, cipher=%s, bits=%d, compression=%s)",`
	`270`	`+port->user_name,port->database_name,`
	`271`	`+be_tls_get_version(port),`
	`272`	`+be_tls_get_cipher(port),`
	`273`	`+be_tls_get_cipher_bits(port),`
	`274`	`+be_tls_get_compression(port) ?_("on") :_("off"))));`
`269`	`275`	`else`
`270`	`276`	`#endif`
`271`	`277`	`ereport(LOG,`

`‎src/include/libpq/libpq-be.h`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -256,8 +256,8 @@ extern ssize_t be_tls_write(Port port, void ptr, size_t len, int *waitfor);`
`256`	`256`	`*/`
`257`	`257`	`externintbe_tls_get_cipher_bits(Port*port);`
`258`	`258`	`externboolbe_tls_get_compression(Port*port);`
`259`		`-externvoidbe_tls_get_version(Portport,charptr,size_tlen);`
`260`		`-externvoidbe_tls_get_cipher(Portport,charptr,size_tlen);`
	`259`	`+externconstcharbe_tls_get_version(Portport);`
	`260`	`+externconstcharbe_tls_get_cipher(Portport);`
`261`	`261`	`externvoidbe_tls_get_peerdn_name(Portport,charptr,size_tlen);`
`262`	`262`
`263`	`263`	`/*`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitc186954

File tree

4 files changed

4 files changed

`‎src/backend/libpq/be-secure-openssl.c`

`‎src/backend/postmaster/pgstat.c`

`‎src/backend/utils/init/postinit.c`

`‎src/include/libpq/libpq-be.h`

0 commit comments