Re: OpenSSL Applink
| От | Dave Page |
|---|---|
| Тема | Re: OpenSSL Applink |
| Дата | |
| Msg-id | 46FD7443.4080805@postgresql.org обсуждение исходный текст |
| Ответ на | Re: OpenSSL Applink (Dave Page <dpage@postgresql.org>) |
| Список | pgsql-patches |
Dave Page wrote:
> Magnus Hagander wrote:
>> Hrrm. Obviously, I need to go sleep now. Sorry about that.
>>
>> But it'd be nice to get rid of all those #ifdef blocks..
>
> See the attached revision. This is untested as I don't have a linux box
> to hand, but I believe it's right.
Ignore that - I managed to break it :-(. Here's a corrected version.
/D
Index: src/interfaces/libpq/fe-secure.c
===================================================================
RCS file: /projects/cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v
retrieving revision 1.94
diff -c -r1.94 fe-secure.c
*** src/interfaces/libpq/fe-secure.c 16 Feb 2007 17:07:00 -0000 1.94
--- src/interfaces/libpq/fe-secure.c 28 Sep 2007 21:33:46 -0000
***************
*** 111,116 ****
--- 111,117 ----
#ifdef USE_SSL
#include <openssl/ssl.h>
+ #include <openssl/bio.h>
#if (SSLEAY_VERSION_NUMBER >= 0x00907000L)
#include <openssl/conf.h>
#endif
***************
*** 579,586 ****
struct stat buf2;
#endif
char fnbuf[MAXPGPATH];
! FILE *fp;
! PGconn *conn = (PGconn *) SSL_get_app_data(ssl);
char sebuf[256];
if (!pqGetHomeDirectory(homedir, sizeof(homedir)))
--- 580,588 ----
struct stat buf2;
#endif
char fnbuf[MAXPGPATH];
! FILE *fp;
! BIO *bio;
! PGconn *conn = (PGconn *) SSL_get_app_data(ssl);
char sebuf[256];
if (!pqGetHomeDirectory(homedir, sizeof(homedir)))
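Review bot: `FILE *fp;` stays in this declaration block, but after the patch its only visible use is the `BIO_get_fp(bio, &fp)` / `fileno(fp)` pair inside `#ifndef WIN32` in the 693-699 hunk, so Windows builds are left with an unused variable. Declaring it beside `struct stat buf2;`, inside the conditional that the `#endif` above closes (its opening is outside the hunk, presumably `#ifndef WIN32`), keeps it with the code that needs it. Initialising it as `FILE *fp = NULL;` also avoids an indeterminate pointer. The enclosing function starts and ends outside the hunk.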
***************
*** 592,605 ****
/* read the user certificate */
snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_CERT_FILE);
! if ((fp = fopen(fnbuf, "r")) == NULL)
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("could not open certificate file \"%s\": %s\n"),
fnbuf, pqStrerror(errno, sebuf, sizeof(sebuf)));
return 0;
}
! if (PEM_read_X509(fp, x509, NULL, NULL) == NULL)
{
char *err = SSLerrmessage();
--- 594,608 ----
/* read the user certificate */
snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_CERT_FILE);
! if ((bio = BIO_new_file(fnbuf, "r")) == NULL)
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("could not open certificate file \"%s\": %s\n"),
fnbuf, pqStrerror(errno, sebuf, sizeof(sebuf)));
return 0;
}
!
! if (PEM_read_bio_X509(bio, x509, NULL, NULL) == NULL)
{
char *err = SSLerrmessage();
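Review bot: The open-failure branch still formats `pqStrerror(errno, sebuf, sizeof(sebuf))`, but the file is now opened by `BIO_new_file()`, which reports failure through OpenSSL's error queue and is not documented to leave `errno` intact. The message can therefore name the wrong cause. The queued entry is also left behind, and a later `SSLerrmessage()` may report that stale error if it reads the oldest queue entry (its body is not shown here). Consider reporting the failure the way the read-failure branch just below does: `char *err = SSLerrmessage();`, pass `err` to `printfPQExpBuffer`, then `SSLerrfree(err);`. The same applies to the private-key open in the 684-691 hunk.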
***************
*** 607,616 ****
libpq_gettext("could not read certificate file \"%s\": %s\n"),
fnbuf, err);
SSLerrfree(err);
! fclose(fp);
return 0;
}
! fclose(fp);
#if (SSLEAY_VERSION_NUMBER >= 0x00907000L) && !defined(OPENSSL_NO_ENGINE)
if (getenv("PGSSLKEY"))
--- 610,620 ----
libpq_gettext("could not read certificate file \"%s\": %s\n"),
fnbuf, err);
SSLerrfree(err);
! BIO_free(bio);
return 0;
}
!
! BIO_free(bio);
#if (SSLEAY_VERSION_NUMBER >= 0x00907000L) && !defined(OPENSSL_NO_ENGINE)
if (getenv("PGSSLKEY"))
***************
*** 641,647 ****
SSLerrfree(err);
free(engine_str);
return 0;
! }
*pkey = ENGINE_load_private_key(engine_ptr, engine_colon + 1,
NULL, NULL);
--- 645,651 ----
SSLerrfree(err);
free(engine_str);
return 0;
! }
*pkey = ENGINE_load_private_key(engine_ptr, engine_colon + 1,
NULL, NULL);
***************
*** 655,661 ****
SSLerrfree(err);
free(engine_str);
return 0;
! }
free(engine_str);
}
else
--- 659,665 ----
SSLerrfree(err);
free(engine_str);
return 0;
! }
free(engine_str);
}
else
***************
*** 680,686 ****
return 0;
}
#endif
! if ((fp = fopen(fnbuf, "r")) == NULL)
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("could not open private key file \"%s\": %s\n"),
--- 684,691 ----
return 0;
}
#endif
!
! if ((bio = BIO_new_file(fnbuf, "r")) == NULL)
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("could not open private key file \"%s\": %s\n"),
***************
*** 688,693 ****
--- 693,699 ----
return 0;
}
#ifndef WIN32
+ BIO_get_fp(bio, &fp);
if (fstat(fileno(fp), &buf2) == -1 ||
buf.st_dev != buf2.st_dev || buf.st_ino != buf2.st_ino)
{
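Review bot: The result of `BIO_get_fp(bio, &fp)` is ignored and `fp` has no initialiser, so if the call fails, `fileno(fp)` reads an indeterminate pointer. The `st_dev`/`st_ino` comparison appears to guard against the key file being replaced between an earlier stat (outside the hunk) and this open, and it would then run on garbage. Fold the call into the test: `if (BIO_get_fp(bio, &fp) <= 0 || fstat(fileno(fp), &buf2) == -1 ||`. The body of this failure branch lies outside the hunk; confirm that it calls `BIO_free(bio)` before `return 0;`, as the read-failure path further down does.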
***************
*** 696,702 ****
return 0;
}
#endif
! if (PEM_read_PrivateKey(fp, pkey, NULL, NULL) == NULL)
{
char *err = SSLerrmessage();
--- 702,709 ----
return 0;
}
#endif
!
! if (PEM_read_bio_PrivateKey(bio, pkey, NULL, NULL) == NULL)
{
char *err = SSLerrmessage();
***************
*** 704,713 ****
libpq_gettext("could not read private key file \"%s\": %s\n"),
fnbuf, err);
SSLerrfree(err);
! fclose(fp);
return 0;
}
! fclose(fp);
}
/* verify that the cert and key go together */
--- 711,722 ----
libpq_gettext("could not read private key file \"%s\": %s\n"),
fnbuf, err);
SSLerrfree(err);
!
! BIO_free(bio);
return 0;
}
!
! BIO_free(bio);
}
/* verify that the cert and key go together */