Commitf966101

committed
Move SSL API comments to header files
Move the documentation of what the SSL API calls are supposed to do into the header files, instead of keeping them in the files for the OpenSSL implementation. That way, they don't have to be duplicated or be inconsistent when other implementations are added.
1 parent573bd08 commitf966101

4 files changed

+113
-90
lines changed


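--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -70,13 +70,6 @@ static bool ssl_passwd_cb_called = false;
 /* Public interface*/
 /* ------------------------------------------------------------ */
 
-/*
-*Initialize global SSL context.
-*
-* If isServerStart is true, report any errors as FATAL (so we don't return).
-* Otherwise, log errors at LOG level and return -1 to indicate trouble,
-* preserving the old SSL state if any. Returns 0 if OK.
-*/
 int
 be_tls_init(boolisServerStart)
 {
@@ -356,9 +349,6 @@ be_tls_init(bool isServerStart)
 return-1;
 }
 
-/*
-*Destroy global SSL context, if any.
-*/
 void
 be_tls_destroy(void)
 {
@@ -368,9 +358,6 @@ be_tls_destroy(void)
 ssl_loaded_verify_locations= false;
 }
 
-/*
-*Attempt to negotiate SSL connection.
-*/
 int
 be_tls_open_server(Port*port)
 {
@@ -539,9 +526,6 @@ be_tls_open_server(Port *port)
 return0;
 }
 
-/*
-*Close SSL connection.
-*/
 void
 be_tls_close(Port*port)
 {
@@ -566,9 +550,6 @@ be_tls_close(Port *port)
 }
 }
 
-/*
-*Read data from a secure connection.
-*/
 ssize_t
 be_tls_read(Port*port,void*ptr,size_tlen,int*waitfor)
 {
@@ -628,9 +609,6 @@ be_tls_read(Port *port, void *ptr, size_t len, int *waitfor)
 returnn;
 }
 
-/*
-*Write data to a secure connection.
-*/
 ssize_t
 be_tls_write(Port*port,void*ptr,size_tlen,int*waitfor)
 {
@@ -1106,9 +1084,6 @@ SSLerrmessage(unsigned long ecode)
 returnerrbuf;
 }
 
-/*
-* Return information about the SSL connection
-*/
 int
 be_tls_get_cipher_bits(Port*port)
 {
@@ -1159,12 +1134,6 @@ be_tls_get_peerdn_name(Port *port, char *ptr, size_t len)
 ptr[0]='\0';
 }
 
-/*
-* Routine to get the expected TLS Finished message information from the
-* client, useful for authorization when doing channel binding.
-*
-* Result is a palloc'd copy of the TLS Finished message with its size.
-*/
 char*
 be_tls_get_peer_finished(Port*port,size_t*len)
 {
@@ -1183,13 +1152,6 @@ be_tls_get_peer_finished(Port *port, size_t *len)
 returnresult;
 }
 
-/*
-* Get the server certificate hash for SCRAM channel binding type
-* tls-server-end-point.
-*
-* The result is a palloc'd hash of the server certificate with its
-* size, and NULL if there is no certificate available.
-*/
 char*
 be_tls_get_certificate_hash(Port*port,size_t*len)
 {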
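--- a/src/include/libpq/libpq-be.h
+++ b/src/include/libpq/libpq-be.h
@@ -216,19 +216,65 @@ CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==\n\
 * These functions are implemented by the glue code specific to each
 * SSL implementation (e.g. be-secure-openssl.c)
 */
+
+/*
+* Initialize global SSL context.
+*
+* If isServerStart is true, report any errors as FATAL (so we don't return).
+* Otherwise, log errors at LOG level and return -1 to indicate trouble,
+* preserving the old SSL state if any. Returns 0 if OK.
+*/
 externintbe_tls_init(boolisServerStart);
+
+/*
+* Destroy global SSL context, if any.
+*/
 externvoidbe_tls_destroy(void);
+
+/*
+* Attempt to negotiate SSL connection.
+*/
 externintbe_tls_open_server(Port*port);
+
+/*
+* Close SSL connection.
+*/
 externvoidbe_tls_close(Port*port);
+
+/*
+* Read data from a secure connection.
+*/
 externssize_tbe_tls_read(Port*port,void*ptr,size_tlen,int*waitfor);
+
+/*
+* Write data to a secure connection.
+*/
 externssize_tbe_tls_write(Port*port,void*ptr,size_tlen,int*waitfor);
 
+/*
+* Return information about the SSL connection.
+*/
 externintbe_tls_get_cipher_bits(Port*port);
 externboolbe_tls_get_compression(Port*port);
 externvoidbe_tls_get_version(Port*port,char*ptr,size_tlen);
 externvoidbe_tls_get_cipher(Port*port,char*ptr,size_tlen);
 externvoidbe_tls_get_peerdn_name(Port*port,char*ptr,size_tlen);
+
+/*
+* Get the expected TLS Finished message information from the client, useful
+* for authorization when doing channel binding.
+*
+* Result is a palloc'd copy of the TLS Finished message with its size.
+*/
 externchar*be_tls_get_peer_finished(Port*port,size_t*len);
+
+/*
+* Get the server certificate hash for SCRAM channel binding type
+* tls-server-end-point.
+*
+* The result is a palloc'd hash of the server certificate with its
+* size, and NULL if there is no certificate available.
+*/
 externchar*be_tls_get_certificate_hash(Port*port,size_t*len);
 #endif
 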
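Review bot: The new header comments for be_tls_read and be_tls_write (the "Read data from a secure connection." / "Write data to a secure connection." blocks) say nothing about the `int *waitfor` out-parameter or about the return value and error convention, even though this header is now meant to be the single place where the contract lives; the matching libpq-int.h comments for pgtls_read/pgtls_write in the same commit do spell out their failure contract. Since the server-side semantics are not visible on this page, I would add a sentence in reviewer voice to be confirmed against be-secure-openssl.c, e.g. `* On a would-block condition, *waitfor is set to the wait event the caller should sleep on; returns -1 with errno set on failure (confirm against the implementation).` The same applies to the one-line "Return information about the SSL connection." block, which now covers five declarations with out-buffers (`char *ptr, size_t len`) but does not say whether `ptr` is always NUL-terminated or truncated to `len`; the be_tls_get_peerdn_name hunk in be-secure-openssl.c shows `ptr[0]='\0';` on one path, which suggests an empty-string convention worth stating here.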
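--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -98,10 +98,6 @@ static long win32_ssl_create_mutex = 0;
 /* Procedures common to all secure sessions*/
 /* ------------------------------------------------------------ */
 
-/*
-*Exported function to allow application to tell us it's already
-*initialized OpenSSL and/or libcrypto.
-*/
 void
 pgtls_init_library(booldo_ssl,intdo_crypto)
 {
@@ -119,9 +115,6 @@ pgtls_init_library(bool do_ssl, int do_crypto)
 pq_init_crypto_lib=do_crypto;
 }
 
-/*
-*Begin or continue negotiating a secure session.
-*/
 PostgresPollingStatusType
 pgtls_open_client(PGconn*conn)
 {
@@ -144,22 +137,6 @@ pgtls_open_client(PGconn *conn)
 returnopen_client_SSL(conn);
 }
 
-/*
-*Is there unread data waiting in the SSL read buffer?
-*/
-bool
-pgtls_read_pending(PGconn*conn)
-{
-returnSSL_pending(conn->ssl);
-}
-
-/*
-*Read data from a secure connection.
-*
-* On failure, this function is responsible for putting a suitable message
-* into conn->errorMessage. The caller must still inspect errno, but only
-* to determine whether to continue/retry after error.
-*/
 ssize_t
 pgtls_read(PGconn*conn,void*ptr,size_tlen)
 {
@@ -284,13 +261,12 @@ pgtls_read(PGconn *conn, void *ptr, size_t len)
 returnn;
 }
 
-/*
-*Write data to a secure connection.
-*
-* On failure, this function is responsible for putting a suitable message
-* into conn->errorMessage. The caller must still inspect errno, but only
-* to determine whether to continue/retry after error.
-*/
+bool
+pgtls_read_pending(PGconn*conn)
+{
+returnSSL_pending(conn->ssl);
+}
+
 ssize_t
 pgtls_write(PGconn*conn,constvoid*ptr,size_tlen)
 {
@@ -393,12 +369,6 @@ pgtls_write(PGconn *conn, const void *ptr, size_t len)
 returnn;
 }
 
-/*
-*Get the TLS finish message sent during last handshake
-*
-* This information is useful for callers doing channel binding during
-* authentication.
-*/
 char*
 pgtls_get_finished(PGconn*conn,size_t*len)
 {
@@ -419,13 +389,6 @@ pgtls_get_finished(PGconn *conn, size_t *len)
 returnresult;
 }
 
-/*
-* Get the hash of the server certificate, for SCRAM channel binding type
-* tls-server-end-point.
-*
-* NULL is sent back to the caller in the event of an error, with an
-* error message for the caller to consume.
-*/
 char*
 pgtls_get_peer_certificate_hash(PGconn*conn,size_t*len)
 {
@@ -854,11 +817,6 @@ pq_lockingcallback(int mode, int n, const char *file, int line)
 * If the caller has told us (through PQinitOpenSSL) that he's taking care
 * of libcrypto, we expect that callbacks are already set, and won't try to
 * override it.
-*
-* The conn parameter is only used to be able to pass back an error
-* message - no connection-local setup is made here.
-*
-* Returns 0 if OK, -1 on failure (with a message in conn->errorMessage).
 */
 int
 pgtls_init(PGconn*conn)
@@ -1493,9 +1451,6 @@ open_client_SSL(PGconn *conn)
 returnPGRES_POLLING_OK;
 }
 
-/*
-*Close SSL connection.
-*/
 void
 pgtls_close(PGconn*conn)
 {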
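--- a/src/interfaces/libpq/libpq-int.h
+++ b/src/interfaces/libpq/libpq-int.h
@@ -661,19 +661,79 @@ extern void pq_reset_sigpipe(sigset_t *osigset, bool sigpipe_pending,
 boolgot_epipe);
 #endif
 
+/* === SSL === */
+
 /*
-* The SSL implementation provides these functions (fe-secure-openssl.c)
+* The SSL implementation provides these functions.
+*/
+
+/*
+*Implementation of PQinitSSL().
 */
 externvoidpgtls_init_library(booldo_ssl,intdo_crypto);
+
+/*
+* Initialize SSL library.
+*
+* The conn parameter is only used to be able to pass back an error
+* message - no connection-local setup is made here.
+*
+* Returns 0 if OK, -1 on failure (with a message in conn->errorMessage).
+*/
 externintpgtls_init(PGconn*conn);
+
+/*
+*Begin or continue negotiating a secure session.
+*/
 externPostgresPollingStatusTypepgtls_open_client(PGconn*conn);
+
+/*
+*Close SSL connection.
+*/
 externvoidpgtls_close(PGconn*conn);
+
+/*
+*Read data from a secure connection.
+*
+* On failure, this function is responsible for putting a suitable message
+* into conn->errorMessage. The caller must still inspect errno, but only
+* to determine whether to continue/retry after error.
+*/
 externssize_tpgtls_read(PGconn*conn,void*ptr,size_tlen);
+
+/*
+*Is there unread data waiting in the SSL read buffer?
+*/
 externboolpgtls_read_pending(PGconn*conn);
+
+/*
+*Write data to a secure connection.
+*
+* On failure, this function is responsible for putting a suitable message
+* into conn->errorMessage. The caller must still inspect errno, but only
+* to determine whether to continue/retry after error.
+*/
 externssize_tpgtls_write(PGconn*conn,constvoid*ptr,size_tlen);
+
+/*
+* Get the TLS finish message sent during last handshake.
+*
+* This information is useful for callers doing channel binding during
+* authentication.
+*/
 externchar*pgtls_get_finished(PGconn*conn,size_t*len);
+
+/*
+* Get the hash of the server certificate, for SCRAM channel binding type
+* tls-server-end-point.
+*
+* NULL is sent back to the caller in the event of an error, with an
+* error message for the caller to consume.
+*/
 externchar*pgtls_get_peer_certificate_hash(PGconn*conn,size_t*len);
 
+/* === miscellaneous macros === */
+
 /*
 * this is so that we can check if a connection is non-blocking internally
 * without the overhead of a function call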