Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Re: new libpq SSL connection option
Andrew Chernow wrote: > Magnus Hagander wrote: >> Alex Hunsaker wrote: >>> On Sat, Dec 27, 2008 at 11:50, Andrew Chernow <ac(at)esilo(dot)com> wrote: >>>> Why does pqGetHomeDirectory have to succeed to use >>>> conn->sslrootcert. Maybe >>>> this should be an OR of the two since sslrootcert is not dependent on >>>> homedir? >>>> >>>> around line 970 src/interfaces/libpq/fe-secure.c >>>> >>>> if (conn->sslrootcert || pqGetHomeDirectory(homedir, sizeof(homedir))) >>> >>> Certainly, did we miss anywhere else? >>> > > Yes, the homedir variable is used again later in the function. homedir > could be invalid since pqGetHomeDirectory might not get called. Maybe > something like below would do the trick: > > /* when used, it can't be an empty string. */ > *homedir = 0; > > /* If either are NULL, homedir is needed */ > if (!conn->sslrootcert || !conn->sslcrl) > pqGetHomeDirectory(homedir, sizeof(homedir)); > > /* one of them must be valid */ > if (conn->sslrootcert || *homedir) How about this patch? There's a lot of whitespace change due to indentation change, so I've included a version without it for reference. Also, it looks like we have the same problem with the private key, in client_cert_cb(), agreed? //Magnus
Attachment: libpq_gethomedir_nospace.diff
Description: text/x-diff (1.8 KB)
Description: text/x-diff (1.8 KB)
Attachment: libpq_gethomedir.diff
Description: text/x-diff (4.3 KB)
Description: text/x-diff (4.3 KB)
In response to
- Re: new libpq SSL connection option at 2008-12-30 01:46:04 from Andrew Chernow
Responses
- Re: new libpq SSL connection option at 2009-01-02 14:23:15 from Andrew Chernow
- Re: new libpq SSL connection option at 2009-01-03 01:37:28 from Alex Hunsaker
pgsql-hackers by date
Next: From: Greg Smith Date: 2009-01-02 11:17:29 Subject: Re: benchmarking the query planner Previous: From: Greg Smith Date: 2009-01-02 10:08:13 Subject: Re: posix_fadvise v22