Thread: pgsql: Add support for matching wildcard server certificates to the new

Log Message:
-----------
Add support for matching wildcard server certificates to the new SSL code.

This uses the function fnmatch() which is not available on all platforms
(notably Windows), so import the implementation from NetBSD into src/port.

Modified Files:
--------------
    pgsql:
        configure (r1.612 -> r1.613)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/configure?r1=1.612&r2=1.613)
        configure.in (r1.572 -> r1.573)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/configure.in?r1=1.572&r2=1.573)
    pgsql/src/include:
        pg_config.h.in (r1.133 -> r1.134)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/include/pg_config.h.in?r1=1.133&r2=1.134)
    pgsql/src/interfaces/libpq:
        Makefile (r1.168 -> r1.169)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/interfaces/libpq/Makefile?r1=1.168&r2=1.169)
        fe-secure.c (r1.107 -> r1.108)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/interfaces/libpq/fe-secure.c?r1=1.107&r2=1.108)
    pgsql/src/tools/msvc:
        Mkvcbuild.pm (r1.32 -> r1.33)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/tools/msvc/Mkvcbuild.pm?r1=1.32&r2=1.33)

Added Files:
-----------
    pgsql/src/include:
        fnmatchstub.h (r1.1)

(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/include/fnmatchstub.h?rev=1.1&content-type=text/x-cvsweb-markup)
    pgsql/src/port:
        fnmatch.c (r1.1)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/port/fnmatch.c?rev=1.1&content-type=text/x-cvsweb-markup)

mha@postgresql.org (Magnus Hagander) writes:
> Add support for matching wildcard server certificates to the new SSL code.
> This uses the function fnmatch() which is not available on all platforms
> (notably Windows), so import the implementation from NetBSD into src/port.

This has broken buildfarm member grebe ...

            regards, tom lane

Tom Lane wrote:
> mha@postgresql.org (Magnus Hagander) writes:
>> Add support for matching wildcard server certificates to the new SSL code.
>> This uses the function fnmatch() which is not available on all platforms
>> (notably Windows), so import the implementation from NetBSD into src/port.
>
> This has broken buildfarm member grebe ...

Grr.

Seems it doesn't define FNM_CASEFOLD. I guess it's not supported on AIX.

An easy fix would be a simple
#ifndef FNM_CASEFOLD
#define 0
#endif

that'll basically turn of the functionality. The other option is to have
autoconf substitute our own local version of fnmatch when this happens.
How would one go about to do that in autoconf asks the autoconf n00b?

//Magnus

Magnus Hagander <magnus@hagander.net> writes:
> ... The other option is to have
> autoconf substitute our own local version of fnmatch when this happens.
> How would one go about to do that in autoconf asks the autoconf n00b?

I'd try adding a little test program that tries to compile

    #include <fnmatch.h>
    ...
    n = fnmatch("foo","bar", FNM_CASEFOLD);

and see if that succeeds.

For extra credit, incorporate that into a new PGAC_FUNC_FNMATCH macro,
but I think you'd need to get Peter's help on the details --- I'm just
a duffer on autoconf myself.

            regards, tom lane

Tom Lane wrote:
> Magnus Hagander <magnus@hagander.net> writes:
>> ... The other option is to have
>> autoconf substitute our own local version of fnmatch when this happens.
>> How would one go about to do that in autoconf asks the autoconf n00b?
>
> I'd try adding a little test program that tries to compile
>
>     #include <fnmatch.h>
>     ...
>     n = fnmatch("foo","bar", FNM_CASEFOLD);
>
> and see if that succeeds.
>
> For extra credit, incorporate that into a new PGAC_FUNC_FNMATCH macro,
> but I think you'd need to get Peter's help on the details --- I'm just
> a duffer on autoconf myself.

Yeah, likely that someone who knows this will make it happen a lot faster.

Peter, got time to help me out with this? Thanks!

//Magnus