libpq with ssl vs psql without
I just noticed that if you have libpq with SSL support, but psql
without, we don't print any SSL information at all. Would it be
worthwhile to have it print that SSL is in use, even if we can't print
the details about the connection?
It's not something that's very common outside development scenarios, but
it would be trivial to implement. And the net would probably be a
code-win, since we could remove a number of #ifdef USE_SSL and replace
them with one - see attached (untested so may have typos) patch.
//Magnus
Attachments:
psql_ssl.patchtext/x-diff; name=psql_ssl.patchDownload
diff --git a/src/bin/psql/command.c b/src/bin/psql/command.c
index 84d3725..b8e18cb 100644
--- a/src/bin/psql/command.c
+++ b/src/bin/psql/command.c
@@ -64,9 +64,7 @@ static bool lookup_function_oid(PGconn *conn, const char *desc, Oid *foid);
static bool get_create_function_cmd(PGconn *conn, Oid oid, PQExpBuffer buf);
static void minimal_error_message(PGresult *res);
-#ifdef USE_SSL
static void printSSLInfo(void);
-#endif
#ifdef WIN32
static void checkWin32Codepage(void);
@@ -1327,9 +1325,7 @@ connection_warnings(void)
#ifdef WIN32
checkWin32Codepage();
#endif
-#ifdef USE_SSL
printSSLInfo();
-#endif
}
}
@@ -1339,10 +1335,10 @@ connection_warnings(void)
*
* Prints information about the current SSL connection, if SSL is in use
*/
-#ifdef USE_SSL
static void
printSSLInfo(void)
{
+#ifdef USE_SSL
int sslbits = -1;
SSL *ssl;
@@ -1353,8 +1349,11 @@ printSSLInfo(void)
SSL_get_cipher_bits(ssl, &sslbits);
printf(_("SSL connection (cipher: %s, bits: %i)\n"),
SSL_get_cipher(ssl), sslbits);
-}
+#else
+ if (PQgetssl(pset.db))
+ printf(_("SSL connection\n"));
#endif
+}
/*
Magnus Hagander <magnus@hagander.net> writes:
I just noticed that if you have libpq with SSL support, but psql
without, we don't print any SSL information at all. Would it be
worthwhile to have it print that SSL is in use, even if we can't print
the details about the connection?
I think the use-case for this is nonexistent, but you can still sell the
change on the grounds of reducing the number of #ifdefs.
It might be worth putting a comment in there, because people will wonder
what the heck this is about.
/* this can only happen if libpq has SSL support and psql doesn't */
regards, tom lane
Tom Lane wrote:
Magnus Hagander <magnus@hagander.net> writes:
I just noticed that if you have libpq with SSL support, but psql
without, we don't print any SSL information at all. Would it be
worthwhile to have it print that SSL is in use, even if we can't print
the details about the connection?I think the use-case for this is nonexistent, but you can still sell the
change on the grounds of reducing the number of #ifdefs.It might be worth putting a comment in there, because people will wonder
what the heck this is about./* this can only happen if libpq has SSL support and psql doesn't */
Done.
//Magnus