Skip site navigation (1) Skip section navigation (2)

Re: new libpq SSL connection option

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Andrew Chernow <ac(at)esilo(dot)com>
Cc: Alex Hunsaker <badalex(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: new libpq SSL connection option
Date: 2009-01-02 10:13:10
Message-ID: 495DE8B6.4040505@hagander.net (view raw or flat)
Thread:
Lists: pgsql-hackers
Andrew Chernow wrote:
> Magnus Hagander wrote:
>> Alex Hunsaker wrote:
>>> On Sat, Dec 27, 2008 at 11:50, Andrew Chernow <ac(at)esilo(dot)com> wrote:
>>>> Why does pqGetHomeDirectory have to succeed to use
>>>> conn->sslrootcert. Maybe
>>>> this should be an OR of the two since sslrootcert is not dependent on
>>>> homedir?
>>>>
>>>> around line 970 src/interfaces/libpq/fe-secure.c
>>>>
>>>> if (conn->sslrootcert || pqGetHomeDirectory(homedir, sizeof(homedir)))
>>>
>>> Certainly, did we miss anywhere else?
>>>
> 
> Yes, the homedir variable is used again later in the function.  homedir
> could be invalid since pqGetHomeDirectory might not get called.  Maybe
> something like below would do the trick:
> 
> /* when used, it can't be an empty string. */
> *homedir = 0;
> 
> /* If either are NULL, homedir is needed */
> if (!conn->sslrootcert || !conn->sslcrl)
>   pqGetHomeDirectory(homedir, sizeof(homedir));
> 
> /* one of them must be valid */
> if (conn->sslrootcert || *homedir)

How about this patch?

There's a lot of whitespace change due to indentation change, so I've
included a version without it for reference.


Also, it looks like we have the same problem with the private key, in
client_cert_cb(), agreed?


//Magnus

Attachment: libpq_gethomedir_nospace.diff
Description: text/x-diff (1.8 KB)
Attachment: libpq_gethomedir.diff
Description: text/x-diff (4.3 KB)

In response to

Responses

pgsql-hackers by date

Next:From: Greg SmithDate: 2009-01-02 11:17:29
Subject: Re: benchmarking the query planner
Previous:From: Greg SmithDate: 2009-01-02 10:08:13
Subject: Re: posix_fadvise v22

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group