Re: new libpq SSL connection option

From: Andrew Chernow <ac(at)esilo(dot)com>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Alex Hunsaker <badalex(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: new libpq SSL connection option
Date: 2008-12-30 01:46:04
Message-ID: 49597D5C.9090301@esilo.com
Lists: pgsql-hackers

Magnus Hagander wrote:
> Alex Hunsaker wrote:
>> On Sat, Dec 27, 2008 at 11:50, Andrew Chernow <ac(at)esilo(dot)com> wrote:
>>> Why does pqGetHomeDirectory have to succeed to use conn->sslrootcert. Maybe
>>> this should be an OR of the two since sslrootcert is not dependent on
>>> homedir?
>>>
>>> around line 970 src/interfaces/libpq/fe-secure.c
>>>
>>> if (conn->sslrootcert || pqGetHomeDirectory(homedir, sizeof(homedir)))
>>
>> Certainly, did we miss anywhere else?
>>

Yes, the homedir variable is used again later in the function. homedir could be
invalid since pqGetHomeDirectory might not get called. Maybe something like
below would do the trick:

/* when used, it can't be an empty string. */
*homedir = 0;

/* If either are NULL, homedir is needed */
if (!conn->sslrootcert || !conn->sslcrl)
    pqGetHomeDirectory(homedir, sizeof(homedir));

/* one of them must be valid */
if (conn->sslrootcert || *homedir)

> I agree it looks strange.
>
> That said, have you actually seen a case where pqGetHomeDirectory()
> fails? Or did you just notice the code?
>

It can fail. For non-Windows systems, it can fail on pqGetpwuid, which equates
to getpwuid or getpwuid_r failing. On Windows, it can fail on SHGetFolderPath.
I really have no idea how likely either failure case is.

--
Andrew Chernow
eSilo, LLC
every bit counts
http://www.esilo.com/
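
Added example, not part of the original message and not libpq's code: a stand-alone C sketch of the fallback logic discussed above, where an explicit sslrootcert or sslcrl is honoured even when the home directory lookup fails. The struct conn_opts, both function names, the home_lookup_ok/home parameters (which model the result of pqGetHomeDirectory) and the .postgresql/root.crt and root.crl default names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the relevant fields of libpq's PGconn. */
struct conn_opts {
    const char *sslrootcert;   /* explicit path, or NULL */
    const char *sslcrl;        /* explicit path, or NULL */
};

/*
 * Pick the file to use: the explicit setting wins; otherwise fall back to
 * <homedir>/.postgresql/<name> (assumed default layout). Returns 1 and fills
 * out, or 0 when there is no explicit path and no usable home directory,
 * or when the path does not fit in the buffer.
 */
static int resolve_path(const char *explicit_path, const char *homedir,
                        const char *name, char *out, size_t outlen)
{
    int n;

    if (explicit_path && *explicit_path)
        n = snprintf(out, outlen, "%s", explicit_path);
    else if (homedir && *homedir)
        n = snprintf(out, outlen, "%s/.postgresql/%s", homedir, name);
    else
        return 0;
    return n >= 0 && (size_t) n < outlen;
}

/*
 * home_lookup_ok and home model the outcome of the home directory lookup,
 * which is only consulted when at least one option is unset.
 * Returns a bitmask: 1 = root cert path resolved, 2 = CRL path resolved.
 */
int resolve_ssl_files(const struct conn_opts *c, int home_lookup_ok,
                      const char *home, char *cert, char *crl, size_t len)
{
    char homedir[256] = "";    /* empty string means "not available" */
    int  found = 0;

    if ((!c->sslrootcert || !c->sslcrl) && home_lookup_ok)
        snprintf(homedir, sizeof(homedir), "%s", home);

    if (resolve_path(c->sslrootcert, homedir, "root.crt", cert, len))
        found |= 1;
    if (resolve_path(c->sslcrl, homedir, "root.crl", crl, len))
        found |= 2;
    return found;
}
```

A caller that gets 0 for the root cert bit has no CA file to verify the server against and should treat that according to the connection's verification setting rather than silently continuing.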
