From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Lars Kanis <kanis(at)comcard(dot)de> |
Cc: | pgsql-bugs(at)postgresql(dot)org |
Subject: | Re: BUG #4869: No proper initialization of OpenSSL-Engine in libpq |
Date: | 2009-06-22 11:31:51 |
Message-ID: | 4A3F6BA7.8080803@hagander.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
Lars Kanis wrote:
> The following bug has been logged online:
>
> Bug reference: 4869
> Logged by: Lars Kanis
> Email address: kanis(at)comcard(dot)de
> PostgreSQL version: 8.4rc1
> Operating system: Linux c1170lx 2.6.24-23-generic #1 SMP Wed Apr 1
> 21:47:28 UTC 2009 i686 GNU/Linux
> Description: No proper initialization of OpenSSL-Engine in libpq
> Details:
>
> When using OpenSSL-engine pkcs11 with PGSSLKEY=pkcs11:id_45 the
> authentication to the PG-server fails with "engine not initialized".
>
> According to the OpenSSL-docs
> (http://www.openssl.org/docs/crypto/engine.html) the structural reference
> returned by ENGINE_by_id needs to be initialized first before use. The
> buildin engine doesn't need this, but most of external engines don't work
> otherwise.
>
> Moreover the structural and functional references should be freed in any
> case.
>
>
> The following patch solves the problem:
This looks good in generael to me. I remember looking at the engine code
wondering why we didn't do that, but since I don't have a good
environment to test that part in, I forgot about it :(
Shouldn't there be an ENGINE_free() in the error path of ENGINE_init()?
Should we not also call ENGINE_finish() and ENGINE_free() in the success
path of this code? Your patch adds it to the case where we didn't get
the private key, but what if we did? I assume they should also go
outside the error path, per the attached patch - or will that break
their usage?
Can you test that and verify that it doesn't break for you?
--
Magnus Hagander
Self: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
Attachment | Content-Type | Size |
---|---|---|
sslengine.patch | text/x-diff | 1.2 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Lars Kanis | 2009-06-22 13:38:45 | Re: BUG #4869: No proper initialization of OpenSSL-Engine in libpq |
Previous Message | Lars Kanis | 2009-06-22 09:23:22 | BUG #4869: No proper initialization of OpenSSL-Engine in libpq |