pgsql: Add API functions to libpq to interrogate SSL related stuff.

Started by Heikki Linnakangas, almost 11 years ago, 3 messages
#1 Heikki Linnakangas
heikki.linnakangas@iki.fi

Add API functions to libpq to interrogate SSL related stuff.

This makes it possible to query for things like the SSL version and cipher
used, without depending on OpenSSL functions or macros. That is a good
thing if we ever get another SSL implementation.

PQgetssl() still works, but it should be considered as deprecated as it
only works with OpenSSL. In particular, PQgetSslInUse() should be used to
check if a connection uses SSL, because as soon as we have another
implementation, PQgetssl() will return NULL even if SSL is in use.

Branch
------
master

Details
-------
http://git.postgresql.org/pg/commitdiff/91fa7b4719ac583420d9143132ba4ccddefbc5b2

Modified Files
--------------
doc/src/sgml/libpq.sgml | 155 +++++++++++++++++++++++++++---
src/bin/psql/command.c | 35 +++----
src/interfaces/libpq/exports.txt | 4 +
src/interfaces/libpq/fe-secure-openssl.c | 68 +++++++++++++
src/interfaces/libpq/fe-secure.c | 20 ++++
src/interfaces/libpq/libpq-fe.h | 6 ++
6 files changed, 251 insertions(+), 37 deletions(-)

--
Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-committers

#2 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Heikki Linnakangas (#1)
Re: pgsql: Add API functions to libpq to interrogate SSL related stuff.

Heikki Linnakangas <heikki.linnakangas@iki.fi> writes:

> Add API functions to libpq to interrogate SSL related stuff.

This patch is one large brick shy of a load: it creates exported libpq
functions but fails to ensure they always exist. That's why jacana is
unhappy; though TBH I'm astonished that any non-ssl-enabled builds
are passing. Apparently missing library functions are less of a hard
error on Linux than they ought to be.

I think probably the exported functions need to be defined in fe-exec.c
or fe-connect.c, with bodies along the lines of

    #ifdef USE_OPENSSL
        call OpenSSL-specific function
    #else
        return NULL
    #endif

(or whatever's appropriate when no SSL support). We do want these
functions to exist even in non-SSL-enabled builds.

regards, tom lane


#3 Heikki Linnakangas
hlinnakangas@vmware.com
In reply to: Tom Lane (#2)
Re: [COMMITTERS] pgsql: Add API functions to libpq to interrogate SSL related stuff.

On 02/04/2015 02:23 AM, Tom Lane wrote:

> Heikki Linnakangas <heikki.linnakangas@iki.fi> writes:
>
>> Add API functions to libpq to interrogate SSL related stuff.
>
> This patch is one large brick shy of a load: it creates exported libpq
> functions but fails to ensure they always exist. That's why jacana is
> unhappy; though TBH I'm astonished that any non-ssl-enabled builds
> are passing. Apparently missing library functions are less of a hard
> error on Linux than they ought to be.

Yeah, that's surprising. I don't see any option in the ld man page to make
it warn either.

This also shows that we don't have any regression tests for this
function. It's trivial, so I'm not worried about that, but in general it
would be good to have a regression test suite specifically for libpq.
There are probably many other things that are not exercised by psql.

> I think probably the exported functions need to be defined in fe-exec.c
> or fe-connect.c, with bodies along the lines of
>
>     #ifdef USE_OPENSSL
>         call OpenSSL-specific function
>     #else
>         return NULL
>     #endif
>
> (or whatever's appropriate when no SSL support). We do want these
> functions to exist even in non-SSL-enabled builds.

Sure. There are dummy versions of all the other SSL-related functions, I
just missed PQsslAttributes. The OpenSSL versions are in
fe-secure-openssl.c, and the dummy ones are in fe-secure.c, within a
"#ifndef USE_SSL" block.

Fixed now.

- Heikki

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
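
The layout discussed in this thread, as an added example that is not part of any message and is not libpq source: every exported function has a body in both build configurations, so a caller links and gets a safe answer either way. The `demo_` names, the `DEMO_USE_TLS` macro and the sample values are hypothetical stand-ins.

```c
/* Added example: hypothetical "demo_" client library, not libpq code. */
#include <stdio.h>
#include <string.h>

typedef struct demo_conn {
    int         tls_active;   /* set by the TLS backend after the handshake */
    const char *protocol;     /* constructed sample value, e.g. "TLSv1.2" */
    const char *cipher;       /* constructed sample value */
} demo_conn;

#ifdef DEMO_USE_TLS
/* Backend-specific bodies (the role fe-secure-openssl.c plays in the thread). */
int demo_ssl_in_use(const demo_conn *c) { return c != NULL && c->tls_active; }
const char *demo_ssl_attribute(const demo_conn *c, const char *name)
{
    if (c == NULL || !c->tls_active) return NULL;
    if (strcmp(name, "protocol") == 0) return c->protocol;
    if (strcmp(name, "cipher") == 0) return c->cipher;
    return NULL;              /* unknown attribute name */
}
#else
/* Dummy bodies (the "#ifndef USE_SSL" role): same symbols, no TLS backend. */
int demo_ssl_in_use(const demo_conn *c) { (void) c; return 0; }
const char *demo_ssl_attribute(const demo_conn *c, const char *name)
{
    (void) c; (void) name;
    return NULL;
}
#endif

/* Caller written once against the exported API; valid with either build. */
int demo_describe(const demo_conn *c, char *buf, size_t len)
{
    if (!demo_ssl_in_use(c))
        return snprintf(buf, len, "SSL off");
    const char *proto = demo_ssl_attribute(c, "protocol");
    const char *cipher = demo_ssl_attribute(c, "cipher");
    return snprintf(buf, len, "SSL on (protocol=%s, cipher=%s)",
                    proto ? proto : "unknown", cipher ? cipher : "unknown");
}

int main(void)
{
    demo_conn c = { 1, "TLSv1.2", "constructed-cipher" };  /* constructed */
    char buf[128];
    demo_describe(&c, buf, sizeof buf);
    return puts(buf) == EOF;
}
```

Building with `-DDEMO_USE_TLS` switches to the backend bodies without changing the set of exported symbols.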