Commit902ca3e

committed
Here is a patch to fix win32 ssl builds. Summary of changes:
* Links with -leay32 and -lssleay32 instead of crypto and ssl. On win32, "crypto and ssl" is only used for static linking.
* Initializes SSL in the backend and not just in the postmaster. We cannot pass the SSL context from the postmaster through the parameter file, because it contains function pointers.
* Split one error check in be-secure.c. Previously we could not tell which of three calls actually failed. The previous code also returned incorrect error messages if SSL_accept() failed - that function needs to use SSL_get_error() on the return value, can't just use the error queue.
* Since the win32 implementation uses non-blocking sockets "behind the scenes" in order to deliver signals correctly, implements a version of SSL_accept() that can handle this. Also, add a wait function in case SSL_read or SSL_write() needs more data.

Magnus Hagander
1 parent5431393 commit902ca3e


7 files changed

+234
-11
lines changed


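--- a/configure
+++ b/configure
@@ -6558,6 +6558,7 @@ fi
 fi
 
 if test "$with_openssl" = yes ; then
+if test "$PORTNAME" != "win32"; then
 
 echo "$as_me:$LINENO: checking for CRYPTO_new_ex_data in -lcrypto" >&5
 echo $ECHO_N "checking for CRYPTO_new_ex_data in -lcrypto... $ECHO_C" >&6
@@ -6696,6 +6697,146 @@ echo "$as_me: error: library 'ssl' is required for OpenSSL" >&2;}
 { (exit 1); exit 1; }; }
 fi
 
+else
+
+echo "$as_me:$LINENO: checking for CRYPTO_new_ex_data in -leay32" >&5
+echo $ECHO_N "checking for CRYPTO_new_ex_data in -leay32... $ECHO_C" >&6
+if test "${ac_cv_lib_eay32_CRYPTO_new_ex_data+set}" = set; then
+echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ac_check_lib_save_LIBS=$LIBS
+LIBS="-leay32 $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+#line $LINENO "configure"
+#include "confdefs.h"
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+builtin and then its argument prototype would still apply. */
+char CRYPTO_new_ex_data ();
+#ifdef F77_DUMMY_MAIN
+# ifdef __cplusplus
+extern "C"
+# endif
+int F77_DUMMY_MAIN() { return 1; }
+#endif
+int
+main ()
+{
+CRYPTO_new_ex_data ();
+;
+return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+(eval $ac_link) 2>&5
+ac_status=$?
+echo "$as_me:$LINENO: \$? = $ac_status" >&5
+(exit $ac_status); } &&
+{ ac_try='test -s conftest$ac_exeext'
+{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+(eval $ac_try) 2>&5
+ac_status=$?
+echo "$as_me:$LINENO: \$? = $ac_status" >&5
+(exit $ac_status); }; }; then
+ac_cv_lib_eay32_CRYPTO_new_ex_data=yes
+else
+echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+ac_cv_lib_eay32_CRYPTO_new_ex_data=no
+fi
+rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_eay32_CRYPTO_new_ex_data" >&5
+echo "${ECHO_T}$ac_cv_lib_eay32_CRYPTO_new_ex_data" >&6
+if test $ac_cv_lib_eay32_CRYPTO_new_ex_data = yes; then
+cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBEAY32 1
+_ACEOF
+
+LIBS="-leay32 $LIBS"
+
+else
+{ { echo "$as_me:$LINENO: error: library 'eay32' is required for OpenSSL" >&5
+echo "$as_me: error: library 'eay32' is required for OpenSSL" >&2;}
+{ (exit 1); exit 1; }; }
+fi
+
+
+echo "$as_me:$LINENO: checking for SSL_library_init in -lssleay32" >&5
+echo $ECHO_N "checking for SSL_library_init in -lssleay32... $ECHO_C" >&6
+if test "${ac_cv_lib_ssleay32_SSL_library_init+set}" = set; then
+echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ac_check_lib_save_LIBS=$LIBS
+LIBS="-lssleay32 $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+#line $LINENO "configure"
+#include "confdefs.h"
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+builtin and then its argument prototype would still apply. */
+char SSL_library_init ();
+#ifdef F77_DUMMY_MAIN
+# ifdef __cplusplus
+extern "C"
+# endif
+int F77_DUMMY_MAIN() { return 1; }
+#endif
+int
+main ()
+{
+SSL_library_init ();
+;
+return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+(eval $ac_link) 2>&5
+ac_status=$?
+echo "$as_me:$LINENO: \$? = $ac_status" >&5
+(exit $ac_status); } &&
+{ ac_try='test -s conftest$ac_exeext'
+{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+(eval $ac_try) 2>&5
+ac_status=$?
+echo "$as_me:$LINENO: \$? = $ac_status" >&5
+(exit $ac_status); }; }; then
+ac_cv_lib_ssleay32_SSL_library_init=yes
+else
+echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+ac_cv_lib_ssleay32_SSL_library_init=no
+fi
+rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_ssleay32_SSL_library_init" >&5
+echo "${ECHO_T}$ac_cv_lib_ssleay32_SSL_library_init" >&6
+if test $ac_cv_lib_ssleay32_SSL_library_init = yes; then
+cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBSSLEAY32 1
+_ACEOF
+
+LIBS="-lssleay32 $LIBS"
+
+else
+{ { echo "$as_me:$LINENO: error: library 'ssleay32' is required for OpenSSL" >&5
+echo "$as_me: error: library 'ssleay32' is required for OpenSSL" >&2;}
+{ (exit 1); exit 1; }; }
+fi
+
+fi
 fi
 
 if test "$with_pam" = yes ; then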

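--- a/configure.in
+++ b/configure.in
@@ -1,5 +1,5 @@
 dnl Process this file with autoconf to produce a configure script.
-dnl $PostgreSQL: pgsql/configure.in,v 1.379 2004/10/01 02:00:41 neilc Exp $
+dnl $PostgreSQL: pgsql/configure.in,v 1.380 2004/10/06 09:35:19 momjian Exp $
 dnl
 dnl Developers, please strive to achieve this order:
 dnl
@@ -672,8 +672,13 @@ fi
 
 if test "$with_openssl" = yes ; then
 dnl Order matters!
-AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [], [AC_MSG_ERROR([library 'crypto' is required for OpenSSL])])
-AC_CHECK_LIB(ssl, SSL_library_init, [], [AC_MSG_ERROR([library 'ssl' is required for OpenSSL])])
+if test "$PORTNAME" != "win32"; then
+AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [], [AC_MSG_ERROR([library 'crypto' is required for OpenSSL])])
+AC_CHECK_LIB(ssl, SSL_library_init, [], [AC_MSG_ERROR([library 'ssl' is required for OpenSSL])])
+else
+AC_CHECK_LIB(eay32, CRYPTO_new_ex_data, [], [AC_MSG_ERROR([library 'eay32' is required for OpenSSL])])
+AC_CHECK_LIB(ssleay32, SSL_library_init, [], [AC_MSG_ERROR([library 'ssleay32' is required for OpenSSL])])
+fi
 fi
 
 if test "$with_pam" = yes ; then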

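--- a/src/backend/libpq/be-secure.c
+++ b/src/backend/libpq/be-secure.c
@@ -11,7 +11,7 @@
 *
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.51 2004/09/26 22:51:49 tgl Exp $
+* $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.52 2004/10/06 09:35:20 momjian Exp $
 *
 * Since the server static private key ($DataDir/server.key)
 * will normally be stored unencrypted so that the database
@@ -268,6 +268,11 @@ secure_read(Port *port, void *ptr, size_t len)
 break;
 caseSSL_ERROR_WANT_READ:
 caseSSL_ERROR_WANT_WRITE:
+#ifdefWIN32
+pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl),
+(err==SSL_ERROR_WANT_READ) ?
+FD_READ|FD_CLOSE :FD_WRITE|FD_CLOSE);
+#endif
 gotorloop;
 caseSSL_ERROR_SYSCALL:
 if (n==-1)
@@ -356,6 +361,11 @@ secure_write(Port *port, void *ptr, size_t len)
 break;
 caseSSL_ERROR_WANT_READ:
 caseSSL_ERROR_WANT_WRITE:
+#ifdefWIN32
+pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl),
+(err==SSL_ERROR_WANT_READ) ?
+FD_READ|FD_CLOSE :FD_WRITE|FD_CLOSE);
+#endif
 gotowloop;
 caseSSL_ERROR_SYSCALL:
 if (n==-1)
@@ -717,6 +727,38 @@ initialize_SSL(void)
 return0;
 }
 
+#ifdefWIN32
+/*
+*Win32 socket code uses nonblocking sockets. We ned to deal with that
+*by waiting on the socket if the SSL accept operation didn't complete
+*right away.
+*/
+staticintpgwin32_SSL_accept(SSL*ssl)
+{
+intr;
+
+while (1)
+{
+intrc;
+intwaitfor;
+
+printf("uhh\n");fflush(stdout);
+r=SSL_accept(ssl);
+if (r==1)
+return1;
+
+rc=SSL_get_error(ssl,r);
+if (rc!=SSL_ERROR_WANT_READ&&rc!=SSL_ERROR_WANT_WRITE)
+returnr;
+
+waitfor= (rc==SSL_ERROR_WANT_READ)?FD_READ|FD_CLOSE|FD_ACCEPT:FD_WRITE|FD_CLOSE;
+if (pgwin32_waitforsinglesocket(SSL_get_fd(ssl),waitfor)==0)
+return-1;
+}
+}
+#defineSSL_accept(ssl) pgwin32_SSL_accept(ssl)
+#endif
+
 /*
 *Destroy global SSL context.
 */
@@ -736,12 +778,11 @@ destroy_SSL(void)
 staticint
 open_server_SSL(Port*port)
 {
+intr;
 Assert(!port->ssl);
 Assert(!port->peer);
 
-if (!(port->ssl=SSL_new(SSL_context))||
-!SSL_set_fd(port->ssl,port->sock)||
-SSL_accept(port->ssl) <=0)
+if (!(port->ssl=SSL_new(SSL_context)))
 {
 ereport(COMMERROR,
 (errcode(ERRCODE_PROTOCOL_VIOLATION),
@@ -750,6 +791,25 @@ open_server_SSL(Port *port)
 close_SSL(port);
 return-1;
 }
+if (!SSL_set_fd(port->ssl,port->sock))
+{
+ereport(COMMERROR,
+(errcode(ERRCODE_PROTOCOL_VIOLATION),
+errmsg("could not set SSL socket: %s",
+SSLerrmessage())));
+close_SSL(port);
+return-1;
+}
+if ((r=SSL_accept(port->ssl)) <=0)
+{
+ereport(COMMERROR,
+(errcode(ERRCODE_PROTOCOL_VIOLATION),
+errmsg("could not accept SSL connection: %i",
+SSL_get_error(port->ssl,r))));
+close_SSL(port);
+return-1;
+}
+
 port->count=0;
 
 /* get client certificate, if available. */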
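Review bot: The added `pgwin32_SSL_accept()` still carries a debugging `printf("uhh\n");fflush(stdout);` at the top of its retry loop, which writes to the backend's stdout on every handshake attempt and should be deleted. The same wrapper returns -1 when `pgwin32_waitforsinglesocket()` reports 0, and `open_server_SSL()` then logs `SSL_get_error(port->ssl,r)` for a value that did not come from `SSL_accept()`, so the logged code can misreport why the handshake was abandoned; reporting the wait failure inside the wrapper would keep the server log usable for diagnosing failed TLS handshakes. The new WIN32 branches in `secure_read()` and `secure_write()` ignore the wait's return value and go straight back to `rloop`/`wloop`, which looks like it could spin if the wait keeps failing, so consider checking it there as the accept wrapper does. The comment above the wrapper also has a typo (`ned` for `need`).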

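--- a/src/backend/port/win32/socket.c
+++ b/src/backend/port/win32/socket.c
@@ -6,7 +6,7 @@
 * Portions Copyright (c) 1996-2004, PostgreSQL Global Development Group
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/backend/port/win32/socket.c,v 1.6 2004/09/07 14:31:42 tgl Exp $
+* $PostgreSQL: pgsql/src/backend/port/win32/socket.c,v 1.7 2004/10/06 09:35:20 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -102,7 +102,7 @@ pgwin32_poll_signals(void)
 return0;
 }
 
-staticint
+int
 pgwin32_waitforsinglesocket(SOCKETs,intwhat)
 {
 staticHANDLEwaitevent=INVALID_HANDLE_VALUE;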

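--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -37,7 +37,7 @@
 *
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.425 2004/09/09 00:59:33 momjian Exp $
+* $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.426 2004/10/06 09:35:21 momjian Exp $
 *
 * NOTES
 *
@@ -2981,6 +2981,16 @@ SubPostmasterMain(int argc, char *argv[])
 /* Attach process to shared segments */
 CreateSharedMemoryAndSemaphores(false,MaxBackends,0);
 
+#ifdefUSE_SSL
+/*
+*Need to reinitialize the SSL library in the backend,
+*since the context structures contain function pointers
+*and cannot be passed through the parameter file.
+*/
+if (EnableSSL)
+secure_initialize();
+#endif
+
 Assert(argc==3);/* shouldn't be any more args */
 proc_exit(BackendRun(&port));
 }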
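Review bot: The new call in `SubPostmasterMain()` discards whatever `secure_initialize()` returns, so if initialization can fail by return value rather than by exiting (not visible in this hunk), the backend carries on to `BackendRun()` without a usable SSL context. Checking the result, e.g. `if (EnableSSL && secure_initialize() != 0) proc_exit(1);`, would make that failure explicit. The comment is also worth extending to say that this runs once per backend, so the server key and certificate are presumably re-read for every connection on this code path and a file replaced or made unreadable after postmaster start takes effect per connection. The function starts above the hunk.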

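--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -227,6 +227,9 @@
 /* Define to 1 if you have the `dld' library (-ldld). */
 #undef HAVE_LIBDLD
 
+/* Define to 1 if you have the `eay32' library (-leay32). */
+#undef HAVE_LIBEAY32
+
 /* Define to 1 if you have the `gen' library (-lgen). */
 #undef HAVE_LIBGEN
 
@@ -266,6 +269,9 @@
 /* Define to 1 if you have the `ssl' library (-lssl). */
 #undef HAVE_LIBSSL
 
+/* Define to 1 if you have the `ssleay32' library (-lssleay32). */
+#undef HAVE_LIBSSLEAY32
+
 /* Define to 1 if you have the `unix' library (-lunix). */
 #undef HAVE_LIBUNIX
 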
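--- a/src/include/port/win32.h
+++ b/src/include/port/win32.h
@@ -1,4 +1,4 @@
-/* $PostgreSQL: pgsql/src/include/port/win32.h,v 1.36 2004/10/05 14:27:07 momjian Exp $ */
+/* $PostgreSQL: pgsql/src/include/port/win32.h,v 1.37 2004/10/06 09:35:23 momjian Exp $ */
 
 /* undefine and redefine after #include */
 #undef mkdir
@@ -141,6 +141,7 @@ intpgwin32_recv(SOCKET s, char *buf, int len, int flags);
 intpgwin32_send(SOCKETs,char*buf,intlen,intflags);
 
 constchar*pgwin32_socket_strerror(interr);
+intpgwin32_waitforsinglesocket(SOCKETs,intwhat);
 
 /* in backend/port/win32/security.c */
 externintpgwin32_is_admin(void);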