NotificationsYou must be signed in to change notification settings
Fork5
Star26

Commita93e743

committed

Properly initialize SSL engines when used from libpq. This is required for

most external engines.Per report and initial code from Lars Kanis

1 parentb087b01 commita93e743Copy full SHA for a93e743

File tree

2 files changed

+46

-8

lines changed

src/interfaces/libpq
- fe-secure.c
- libpq-int.h

2 files changed

+46

-8

lines changed

`‎src/interfaces/libpq/fe-secure.c`

Lines changed: 34 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@`
`11`	`11`	`*`
`12`	`12`	`*`
`13`	`13`	`* IDENTIFICATION`
`14`		`- * $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.126 2009/06/11 14:49:14 momjian Exp $`
	`14`	`+ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.127 2009/06/23 18:13:23 mha Exp $`
`15`	`15`	`*`
`16`	`16`	`* NOTES`
`17`	`17`	`*`
`@@ -31,6 +31,7 @@`
`31`	`31`	`#include"libpq-fe.h"`
`32`	`32`	`#include"fe-auth.h"`
`33`	`33`	`#include"pqsignal.h"`
	`34`	`+#include"libpq-int.h"`
`34`	`35`
`35`	`36`	`#ifdefWIN32`
`36`	`37`	`#include"win32.h"`
`@@ -62,7 +63,7 @@`
`62`	`63`	`#if (SSLEAY_VERSION_NUMBER >=0x00907000L)`
`63`	`64`	`#include<openssl/conf.h>`
`64`	`65`	`#endif`
`65`		`-#if (SSLEAY_VERSION_NUMBER >=0x00907000L)&& !defined(OPENSSL_NO_ENGINE)`
	`66`	`+#ifdefUSE_SSL_ENGINE`
`66`	`67`	`#include<openssl/engine.h>`
`67`	`68`	`#endif`
`68`	`69`
`@@ -661,23 +662,22 @@ client_cert_cb(SSL ssl, X509 x509, EVP_PKEY *pkey)`
`661`	`662`	`*/`
`662`	`663`	`if (conn->sslkey&&strlen(conn->sslkey)>0)`
`663`	`664`	`{`
`664`		`-#if (SSLEAY_VERSION_NUMBER >=0x00907000L)&& !defined(OPENSSL_NO_ENGINE)`
	`665`	`+#ifdefUSE_SSL_ENGINE`
`665`	`666`	`if (strchr(conn->sslkey,':')`
`666`	`667`	`#ifdefWIN32`
`667`	`668`	`&&conn->sslkey[1]!=':'`
`668`	`669`	`#endif`
`669`	`670`	`)`
`670`	`671`	`{`
`671`	`672`	`/* Colon, but not in second character, treat as engine:key */`
`672`		`-ENGINE*engine_ptr;`
`673`	`673`	`char*engine_str=strdup(conn->sslkey);`
`674`	`674`	`char*engine_colon=strchr(engine_str,':');`
`675`	`675`
`676`	`676`	`engine_colon='\0';/ engine_str now has engine name */`
`677`	`677`	`engine_colon++;/* engine_colon now has key name */`
`678`	`678`
`679`		`-engine_ptr=ENGINE_by_id(engine_str);`
`680`		`-if (engine_ptr==NULL)`
	`679`	`+conn->engine=ENGINE_by_id(engine_str);`
	`680`	`+if (conn->engine==NULL)`
`681`	`681`	`{`
`682`	`682`	`char*err=SSLerrmessage();`
`683`	`683`
`@@ -690,7 +690,22 @@ client_cert_cb(SSL ssl, X509 x509, EVP_PKEY *pkey)`
`690`	`690`	`return0;`
`691`	`691`	`}`
`692`	`692`
`693`		`-*pkey=ENGINE_load_private_key(engine_ptr,engine_colon,`
	`693`	`+if (ENGINE_init(conn->engine)==0)`
	`694`	`+{`
	`695`	`+char*err=SSLerrmessage();`
	`696`	`+`
	`697`	`+printfPQExpBuffer(&conn->errorMessage,`
	`698`	`+libpq_gettext("could not initialize SSL engine \"%s\": %s\n"),`
	`699`	`+engine_str,err);`
	`700`	`+SSLerrfree(err);`
	`701`	`+ENGINE_free(conn->engine);`
	`702`	`+conn->engine=NULL;`
	`703`	`+free(engine_str);`
	`704`	`+ERR_pop_to_mark();`
	`705`	`+return0;`
	`706`	`+}`
	`707`	`+`
	`708`	`+*pkey=ENGINE_load_private_key(conn->engine,engine_colon,`
`694`	`709`	`NULL,NULL);`
`695`	`710`	`if (*pkey==NULL)`
`696`	`711`	`{`
`@@ -700,6 +715,9 @@ client_cert_cb(SSL ssl, X509 x509, EVP_PKEY *pkey)`
`700`	`715`	`libpq_gettext("could not read private SSL key \"%s\" from engine \"%s\": %s\n"),`
`701`	`716`	`engine_colon,engine_str,err);`
`702`	`717`	`SSLerrfree(err);`
	`718`	`+ENGINE_finish(conn->engine);`
	`719`	`+ENGINE_free(conn->engine);`
	`720`	`+conn->engine=NULL;`
`703`	`721`	`free(engine_str);`
`704`	`722`	`ERR_pop_to_mark();`
`705`	`723`	`return0;`
`@@ -1217,6 +1235,15 @@ close_SSL(PGconn *conn)`
`1217`	`1235`	`X509_free(conn->peer);`
`1218`	`1236`	`conn->peer=NULL;`
`1219`	`1237`	`}`
	`1238`	`+`
	`1239`	`+#ifdefUSE_SSL_ENGINE`
	`1240`	`+if (conn->engine)`
	`1241`	`+{`
	`1242`	`+ENGINE_finish(conn->engine);`
	`1243`	`+ENGINE_free(conn->engine);`
	`1244`	`+conn->engine=NULL;`
	`1245`	`+}`
	`1246`	`+#endif`
`1220`	`1247`	`}`
`1221`	`1248`
`1222`	`1249`	`/*`

`‎src/interfaces/libpq/libpq-int.h`

Lines changed: 12 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@`
`12`	`12`	`* Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group`
`13`	`13`	`* Portions Copyright (c) 1994, Regents of the University of California`
`14`	`14`	`*`
`15`		`- * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.142 2009/06/11 14:49:14 momjian Exp $`
	`15`	`+ * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.143 2009/06/23 18:13:23 mha Exp $`
`16`	`16`	`*`
`17`	`17`	`*-------------------------------------------------------------------------`
`18`	`18`	`*/`
`@@ -76,8 +76,13 @@ typedef struct`
`76`	`76`	`#ifdefUSE_SSL`
`77`	`77`	`#include<openssl/ssl.h>`
`78`	`78`	`#include<openssl/err.h>`
	`79`	`+`
	`80`	`+#if (SSLEAY_VERSION_NUMBER >=0x00907000L)&& !defined(OPENSSL_NO_ENGINE)`
	`81`	`+#defineUSE_SSL_ENGINE`
`79`	`82`	`#endif`
`80`	`83`
	`84`	`+#endif/* USE_SSL */`
	`85`	`+`
`81`	`86`	`/*`
`82`	`87`	`* POSTGRES backend dependent Constants.`
`83`	`88`	`*/`
`@@ -383,7 +388,13 @@ struct pg_conn`
`383`	`388`	`X509peer;/ X509 cert of server */`
`384`	`389`	`charpeer_dn[256+1];/* peer distinguished name */`
`385`	`390`	`charpeer_cn[SM_USER+1];/* peer common name */`
	`391`	`+#ifdefUSE_SSL_ENGINE`
	`392`	`+ENGINEengine;/ SSL engine, if any */`
	`393`	`+#else`
	`394`	`+voidengine;/ dummy field to keep struct the same`
	`395`	`+ if OpenSSL version changes */`
`386`	`396`	`#endif`
	`397`	`+#endif/* USE_SSL */`
`387`	`398`
`388`	`399`	`#ifdefENABLE_GSS`
`389`	`400`	`gss_ctx_id_tgctx;/* GSS context */`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commita93e743

File tree

2 files changed

2 files changed

`‎src/interfaces/libpq/fe-secure.c`

`‎src/interfaces/libpq/libpq-int.h`

0 commit comments