From 8760fe28fff4842011c12fb0a29c22d0c3c11677 Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Mon, 8 Feb 2021 23:52:31 +0100 Subject: [PATCH v26 02/10] nss: Remove mentions and infra of OpenSSL being the only TLS lib This rewords comments and messages which indicate that --with-ssl only has a single possible value, as well as moves OpenSSL specific code in USE_SSL into USE_OPENSSL. While in there, remove a trailing period from a single-line OpenSSL comment to better match project style. --- src/backend/libpq/hba.c | 2 +- src/include/libpq/libpq-be.h | 5 +++-- src/include/pg_config_manual.h | 3 +-- src/interfaces/libpq/fe-secure.c | 5 ++++- src/interfaces/libpq/libpq-fe.h | 2 +- 5 files changed, 10 insertions(+), 7 deletions(-) diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c index 20bf1461ce..9a04c093d5 100644 --- a/src/backend/libpq/hba.c +++ b/src/backend/libpq/hba.c @@ -1041,7 +1041,7 @@ parse_hba_line(TokenizedLine *tok_line, int elevel) ereport(elevel, (errcode(ERRCODE_CONFIG_FILE_ERROR), errmsg("hostssl record cannot match because SSL is not supported by this build"), - errhint("Compile with --with-ssl=openssl to use SSL connections."), + errhint("Compile with --with-ssl to use SSL connections."), errcontext("line %d of configuration file \"%s\"", line_num, HbaFileName))); *err_msg = "hostssl record cannot match because SSL is not supported by this build"; diff --git a/src/include/libpq/libpq-be.h b/src/include/libpq/libpq-be.h index bc86fdfcdb..ea373a0ae0 100644 --- a/src/include/libpq/libpq-be.h +++ b/src/include/libpq/libpq-be.h @@ -193,8 +193,9 @@ typedef struct Port bool peer_cert_valid; /* - * OpenSSL structures. (Keep these last so that the locations of other - * fields are the same whether or not you build with OpenSSL.) + * SSL backend specific structures. (Keep these last so that the locations + * of other fields are the same whether or not you build with SSL + * enabled.) */ #ifdef USE_OPENSSL SSL *ssl; diff --git a/src/include/pg_config_manual.h b/src/include/pg_config_manual.h index 0e50f61b94..7861b94290 100644 --- a/src/include/pg_config_manual.h +++ b/src/include/pg_config_manual.h @@ -176,8 +176,7 @@ /* * USE_SSL code should be compiled only when compiling with an SSL - * implementation. (Currently, only OpenSSL is supported, but we might add - * more implementations in the future.) + * implementation. */ #if defined(USE_OPENSSL) || defined(USE_NSS) #define USE_SSL diff --git a/src/interfaces/libpq/fe-secure.c b/src/interfaces/libpq/fe-secure.c index 83ebd05ce5..3f726663f6 100644 --- a/src/interfaces/libpq/fe-secure.c +++ b/src/interfaces/libpq/fe-secure.c @@ -421,6 +421,9 @@ PQsslAttributeNames(PGconn *conn) return result; } +#endif /* USE_SSL */ + +#ifndef USE_OPENSSL PQsslKeyPassHook_OpenSSL_type PQgetSSLKeyPassHook_OpenSSL(void) @@ -439,7 +442,7 @@ PQdefaultSSLKeyPassHook_OpenSSL(char *buf, int size, PGconn *conn) { return 0; } -#endif /* USE_SSL */ +#endif /* USE_OPENSSL */ #ifndef USE_NSS diff --git a/src/interfaces/libpq/libpq-fe.h b/src/interfaces/libpq/libpq-fe.h index 59ce0815cf..aba32e6635 100644 --- a/src/interfaces/libpq/libpq-fe.h +++ b/src/interfaces/libpq/libpq-fe.h @@ -619,7 +619,7 @@ extern int pg_valid_server_encoding_id(int encoding); /* === in fe-secure-openssl.c === */ -/* Support for overriding sslpassword handling with a callback. */ +/* Support for overriding sslpassword handling with a callback */ typedef int (*PQsslKeyPassHook_OpenSSL_type) (char *buf, int size, PGconn *conn); extern PQsslKeyPassHook_OpenSSL_type PQgetSSLKeyPassHook_OpenSSL(void); extern void PQsetSSLKeyPassHook_OpenSSL(PQsslKeyPassHook_OpenSSL_type hook); -- 2.21.1 (Apple Git-122.3)