Daniel Gustafsson <daniel@yesql.se> writes:
>> On 29 Sep 2022, at 23:08, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> A definition that'd be consistent with what we just agreed to for
>> PQsslAttribute is:
>> PQsslAttributeNames(NULL): the attributes for the default SSL library,
>> or an empty list if there is none.
>> PQsslAttributeNames(conn): the attributes for the SSL library in use
>> on this connection, or an empty list if not encrypted.
> I think that makes sense, it keeps the API consistent.
So more or less as attached, then.
Since this is mostly about future-proofing, I'd personally be content
to put it in HEAD. Is there a case for shoehorning this into
v15 at this late date? Consistency with PQsslAttribute would be
good, but I'm not sure we want to make this kind of change post-RC1.
regards, tom lane
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index 8908f775df..41864c6cf1 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -2592,12 +2592,22 @@ const char *PQsslAttribute(const PGconn *conn, const char *attribute_name);
<term><function>PQsslAttributeNames</function><indexterm><primary>PQsslAttributeNames</primary></indexterm></term>
<listitem>
<para>
- Returns an array of SSL attribute names available.
+ Returns an array of SSL attribute names that can be used
+ in <function>PQsslAttribute()</function>.
The array is terminated by a NULL pointer.
<synopsis>
const char * const * PQsslAttributeNames(const PGconn *conn);
</synopsis>
</para>
+
+ <para>
+ If <literal>conn</literal> is NULL, the attributes available for the
+ default SSL library are returned, or an empty list
+ if <application>libpq</application> was compiled without any SSL
+ support. If <literal>conn</literal> is not NULL, the attributes
+ available for the SSL library in use for the connection are returned,
+ or an empty list if the connection is not encrypted.
+ </para>
</listitem>
</varlistentry>
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index 74b5c5987a..b42a908733 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -1730,7 +1730,7 @@ PQsslStruct(PGconn *conn, const char *struct_name)
const char *const *
PQsslAttributeNames(PGconn *conn)
{
- static const char *const result[] = {
+ static const char *const openssl_attrs[] = {
"library",
"key_bits",
"cipher",
@@ -1738,8 +1738,19 @@ PQsslAttributeNames(PGconn *conn)
"protocol",
NULL
};
+ static const char *const empty_attrs[] = {NULL};
- return result;
+ if (!conn)
+ {
+ /* Return attributes of default SSL library */
+ return openssl_attrs;
+ }
+
+ /* No attrs for unencrypted connection */
+ if (conn->ssl == NULL)
+ return empty_attrs;
+
+ return openssl_attrs;
}
const char *