Commita93e743

committed
Properly initialize SSL engines when used from libpq. This is required for
most external engines. Per report and initial code from Lars Kanis
1 parentb087b01 commita93e743


2 files changed

+46
-8
lines changed


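--- a/src/interfaces/libpq/fe-secure.c
+++ b/src/interfaces/libpq/fe-secure.c
@@ -11,7 +11,7 @@
 *
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.126 2009/06/11 14:49:14 momjian Exp $
+* $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.127 2009/06/23 18:13:23 mha Exp $
 *
 * NOTES
 *
@@ -31,6 +31,7 @@
 #include"libpq-fe.h"
 #include"fe-auth.h"
 #include"pqsignal.h"
+#include"libpq-int.h"
 
 #ifdefWIN32
 #include"win32.h"
@@ -62,7 +63,7 @@
 #if (SSLEAY_VERSION_NUMBER >=0x00907000L)
 #include<openssl/conf.h>
 #endif
-#if (SSLEAY_VERSION_NUMBER >=0x00907000L)&& !defined(OPENSSL_NO_ENGINE)
+#ifdefUSE_SSL_ENGINE
 #include<openssl/engine.h>
 #endif
 
@@ -661,23 +662,22 @@ client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
 */
 if (conn->sslkey&&strlen(conn->sslkey)>0)
 {
-#if (SSLEAY_VERSION_NUMBER >=0x00907000L)&& !defined(OPENSSL_NO_ENGINE)
+#ifdefUSE_SSL_ENGINE
 if (strchr(conn->sslkey,':')
 #ifdefWIN32
 &&conn->sslkey[1]!=':'
 #endif
 )
 {
 /* Colon, but not in second character, treat as engine:key */
-ENGINE*engine_ptr;
 char*engine_str=strdup(conn->sslkey);
 char*engine_colon=strchr(engine_str,':');
 
 *engine_colon='\0';/* engine_str now has engine name */
 engine_colon++;/* engine_colon now has key name */
 
-engine_ptr=ENGINE_by_id(engine_str);
-if (engine_ptr==NULL)
+conn->engine=ENGINE_by_id(engine_str);
+if (conn->engine==NULL)
 {
 char*err=SSLerrmessage();
 
@@ -690,7 +690,22 @@ client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
 return0;
 }
 
-*pkey=ENGINE_load_private_key(engine_ptr,engine_colon,
+if (ENGINE_init(conn->engine)==0)
+{
+char*err=SSLerrmessage();
+
+printfPQExpBuffer(&conn->errorMessage,
+libpq_gettext("could not initialize SSL engine \"%s\": %s\n"),
+engine_str,err);
+SSLerrfree(err);
+ENGINE_free(conn->engine);
+conn->engine=NULL;
+free(engine_str);
+ERR_pop_to_mark();
+return0;
+}
+
+*pkey=ENGINE_load_private_key(conn->engine,engine_colon,
 NULL,NULL);
 if (*pkey==NULL)
 {
@@ -700,6 +715,9 @@ client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
 libpq_gettext("could not read private SSL key \"%s\" from engine \"%s\": %s\n"),
 engine_colon,engine_str,err);
 SSLerrfree(err);
+ENGINE_finish(conn->engine);
+ENGINE_free(conn->engine);
+conn->engine=NULL;
 free(engine_str);
 ERR_pop_to_mark();
 return0;
@@ -1217,6 +1235,15 @@ close_SSL(PGconn *conn)
 X509_free(conn->peer);
 conn->peer=NULL;
 }
+
+#ifdefUSE_SSL_ENGINE
+if (conn->engine)
+{
+ENGINE_finish(conn->engine);
+ENGINE_free(conn->engine);
+conn->engine=NULL;
+}
+#endif
 }
 
 /*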
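Review bot: In client_cert_cb, `conn->engine=ENGINE_by_id(engine_str);` overwrites the field without checking whether it already holds an engine, so if the callback can run more than once on a connection (not visible in these hunks) the earlier references are never released, since close_SSL only finishes and frees the current value. A guard such as `if (conn->engine==NULL)` around the lookup and `ENGINE_init`, reusing the engine already held, would keep the reference counts balanced. The context line `char*engine_str=strdup(conn->sslkey);` is also used by `*engine_colon='\0';` with no NULL check, so an allocation failure is dereferenced inside the TLS callback. In close_SSL the engine is released after the peer certificate; whether the SSL object holding the engine-backed key has already been freed at that point is outside the hunk and worth confirming. client_cert_cb and close_SSL both start and end outside the hunks shown.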

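--- a/src/interfaces/libpq/libpq-int.h
+++ b/src/interfaces/libpq/libpq-int.h
@@ -12,7 +12,7 @@
 * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
-* $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.142 2009/06/11 14:49:14 momjian Exp $
+* $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.143 2009/06/23 18:13:23 mha Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -76,8 +76,13 @@ typedef struct
 #ifdefUSE_SSL
 #include<openssl/ssl.h>
 #include<openssl/err.h>
+
+#if (SSLEAY_VERSION_NUMBER >=0x00907000L)&& !defined(OPENSSL_NO_ENGINE)
+#defineUSE_SSL_ENGINE
 #endif
 
+#endif/* USE_SSL */
+
 /*
 * POSTGRES backend dependent Constants.
 */
@@ -383,7 +388,13 @@ struct pg_conn
 X509*peer;/* X509 cert of server */
 charpeer_dn[256+1];/* peer distinguished name */
 charpeer_cn[SM_USER+1];/* peer common name */
+#ifdefUSE_SSL_ENGINE
+ENGINE*engine;/* SSL engine, if any */
+#else
+void*engine;/* dummy field to keep struct the same
+if OpenSSL version changes */
 #endif
+#endif/* USE_SSL */
 
 #ifdefENABLE_GSS
 gss_ctx_id_tgctx;/* GSS context */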
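Review bot: The new `engine` member's comment, `/* SSL engine, if any */`, does not say who owns the reference, although fe-secure.c in this commit takes it in client_cert_cb and releases it in close_SSL. I would document that on the field, e.g. `ENGINE *engine; /* engine holding the client key; set in client_cert_cb, finished and freed in close_SSL */`. `USE_SSL_ENGINE` would likewise benefit from a one-line comment above its `#define` saying that it means the OpenSSL headers provide ENGINE support, since fe-secure.c now keys its `#include <openssl/engine.h>` and the cleanup in close_SSL on it. struct pg_conn starts and ends outside the hunk.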
