Re: OpenSSL Applink - Mailing list pgsql-patches
From | Dave Page |
---|---|
Subject | Re: OpenSSL Applink |
Date | |
Msg-id | 46FD7443.4080805@postgresql.org Whole thread Raw |
In response to | Re: OpenSSL Applink (Dave Page <dpage@postgresql.org>) |
List | pgsql-patches |
Dave Page wrote: > Magnus Hagander wrote: >> Hrrm. Obviously, I need to go sleep now. Sorry about that. >> >> But it'd be nice to get rid of all those #ifdef blocks.. > > See the attached revision. This is untested as I don't have a linux box > to hand, but I believe it's right. Ignore that - I managed to break it :-(. Here's a corrected version. /D Index: src/interfaces/libpq/fe-secure.c =================================================================== RCS file: /projects/cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v retrieving revision 1.94 diff -c -r1.94 fe-secure.c *** src/interfaces/libpq/fe-secure.c 16 Feb 2007 17:07:00 -0000 1.94 --- src/interfaces/libpq/fe-secure.c 28 Sep 2007 21:33:46 -0000 *************** *** 111,116 **** --- 111,117 ---- #ifdef USE_SSL #include <openssl/ssl.h> + #include <openssl/bio.h> #if (SSLEAY_VERSION_NUMBER >= 0x00907000L) #include <openssl/conf.h> #endif *************** *** 579,586 **** struct stat buf2; #endif char fnbuf[MAXPGPATH]; ! FILE *fp; ! PGconn *conn = (PGconn *) SSL_get_app_data(ssl); char sebuf[256]; if (!pqGetHomeDirectory(homedir, sizeof(homedir))) --- 580,588 ---- struct stat buf2; #endif char fnbuf[MAXPGPATH]; ! FILE *fp; ! BIO *bio; ! PGconn *conn = (PGconn *) SSL_get_app_data(ssl); char sebuf[256]; if (!pqGetHomeDirectory(homedir, sizeof(homedir))) *************** *** 592,605 **** /* read the user certificate */ snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_CERT_FILE); ! if ((fp = fopen(fnbuf, "r")) == NULL) { printfPQExpBuffer(&conn->errorMessage, libpq_gettext("could not open certificate file \"%s\": %s\n"), fnbuf, pqStrerror(errno, sebuf, sizeof(sebuf))); return 0; } ! if (PEM_read_X509(fp, x509, NULL, NULL) == NULL) { char *err = SSLerrmessage(); --- 594,608 ---- /* read the user certificate */ snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_CERT_FILE); ! 
if ((bio = BIO_new_file(fnbuf, "r")) == NULL) { printfPQExpBuffer(&conn->errorMessage, libpq_gettext("could not open certificate file \"%s\": %s\n"), fnbuf, pqStrerror(errno, sebuf, sizeof(sebuf))); return 0; } ! ! if (PEM_read_bio_X509(bio, x509, NULL, NULL) == NULL) { char *err = SSLerrmessage(); *************** *** 607,616 **** libpq_gettext("could not read certificate file \"%s\": %s\n"), fnbuf, err); SSLerrfree(err); ! fclose(fp); return 0; } ! fclose(fp); #if (SSLEAY_VERSION_NUMBER >= 0x00907000L) && !defined(OPENSSL_NO_ENGINE) if (getenv("PGSSLKEY")) --- 610,620 ---- libpq_gettext("could not read certificate file \"%s\": %s\n"), fnbuf, err); SSLerrfree(err); ! BIO_free(bio); return 0; } ! ! BIO_free(bio); #if (SSLEAY_VERSION_NUMBER >= 0x00907000L) && !defined(OPENSSL_NO_ENGINE) if (getenv("PGSSLKEY")) *************** *** 641,647 **** SSLerrfree(err); free(engine_str); return 0; ! } *pkey = ENGINE_load_private_key(engine_ptr, engine_colon + 1, NULL, NULL); --- 645,651 ---- SSLerrfree(err); free(engine_str); return 0; ! } *pkey = ENGINE_load_private_key(engine_ptr, engine_colon + 1, NULL, NULL); *************** *** 655,661 **** SSLerrfree(err); free(engine_str); return 0; ! } free(engine_str); } else --- 659,665 ---- SSLerrfree(err); free(engine_str); return 0; ! } free(engine_str); } else *************** *** 680,686 **** return 0; } #endif ! if ((fp = fopen(fnbuf, "r")) == NULL) { printfPQExpBuffer(&conn->errorMessage, libpq_gettext("could not open private key file \"%s\": %s\n"), --- 684,691 ---- return 0; } #endif ! ! if ((bio = BIO_new_file(fnbuf, "r")) == NULL) { printfPQExpBuffer(&conn->errorMessage, libpq_gettext("could not open private key file \"%s\": %s\n"), *************** *** 688,693 **** --- 693,699 ---- return 0; } #ifndef WIN32 + BIO_get_fp(bio, &fp); if (fstat(fileno(fp), &buf2) == -1 || buf.st_dev != buf2.st_dev || buf.st_ino != buf2.st_ino) { *************** *** 696,702 **** return 0; } #endif ! 
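Review bot: After the switch to `BIO_new_file()`, the open-failure branch for the certificate file (and the matching branch for the private key file in the later hunk at 684) still formats `errno` with `pqStrerror()`, but OpenSSL reports this failure through its own error queue and does not promise that `errno` still describes it. The entries it queues are also left unconsumed, so a later `SSLerrmessage()` call may report this stale error instead of the real one; the body of `SSLerrmessage()` is not on this page, so that part is inferred. Consider draining the queue in both failure branches, for example `ERR_clear_error();` before `return 0;`, or building the message from the OpenSSL error instead. The enclosing function begins and ends outside these hunks.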
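Review bot: The added `BIO_get_fp(bio, &fp);` ignores its result, and `fp` is declared without an initializer in the earlier declaration hunk, so if the call fails, `fileno(fp)` reads an indeterminate pointer. That happens inside the `fstat` comparison of `buf` and `buf2`, which appears to be the check that the opened key file is the same one examined earlier. Test the result and fail closed, with an error message in the style of the neighbouring branches: `if (BIO_get_fp(bio, &fp) <= 0) { BIO_free(bio); return 0; }`. The body of the mismatch branch is outside the hunk and only its `return 0;` is visible; if nothing frees `bio` before it, the BIO and its underlying FILE leak on that path. A comment such as `/* fp is borrowed from bio; BIO_free() closes it, do not fclose() it */` would document the ownership for later maintainers.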
if (PEM_read_PrivateKey(fp, pkey, NULL, NULL) == NULL) { char *err = SSLerrmessage(); --- 702,709 ---- return 0; } #endif ! ! if (PEM_read_bio_PrivateKey(bio, pkey, NULL, NULL) == NULL) { char *err = SSLerrmessage(); *************** *** 704,713 **** libpq_gettext("could not read private key file \"%s\": %s\n"), fnbuf, err); SSLerrfree(err); ! fclose(fp); return 0; } ! fclose(fp); } /* verify that the cert and key go together */ --- 711,722 ---- libpq_gettext("could not read private key file \"%s\": %s\n"), fnbuf, err); SSLerrfree(err); ! ! BIO_free(bio); return 0; } ! ! BIO_free(bio); } /* verify that the cert and key go together */