authorHeikki Linnakangas2014-11-25 07:39:31 +0000
committerHeikki Linnakangas2014-11-25 07:46:11 +0000
commite453cc2741416dc784842b2bba68749556cf0f6f (patch)
tree7854350915ddb4668cc2eaa559d41c3ee1925870
parentf5d9698a8400972bd604069a3f15ca33e535ea6e (diff)
Make Port->ssl_in_use available, even when built with !USE_SSL
Code that checks the flag no longer needs #ifdef's, which is more convenient. In particular, this makes it easier to write extensions that depend on it. In passing, modify sslinfo's ssl_is_used function to check ssl_in_use instead of the OpenSSL-specific 'ssl' pointer. It doesn't make any difference currently, as sslinfo is only compiled when built with OpenSSL, but seems cleaner anyway.
-rw-r--r--contrib/sslinfo/sslinfo.c2
-rw-r--r--src/backend/libpq/hba.c10
-rw-r--r--src/include/libpq/libpq-be.h10
3 files changed, 8 insertions, 14 deletions
diff --git a/contrib/sslinfo/sslinfo.c b/contrib/sslinfo/sslinfo.c
index 641c3f0c84..da201bde33 100644
--- a/contrib/sslinfo/sslinfo.c
+++ b/contrib/sslinfo/sslinfo.c
@@ -35,7 +35,7 @@ PG_FUNCTION_INFO_V1(ssl_is_used);
Datum
ssl_is_used(PG_FUNCTION_ARGS)
{
- PG_RETURN_BOOL(MyProcPort->ssl != NULL);
+ PG_RETURN_BOOL(MyProcPort->ssl_in_use);
}
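Review bot: `MyProcPort` is dereferenced in `ssl_is_used` without a NULL check, and the switch to `ssl_in_use` keeps that. If the function can be called in a process that has no client Port (a standalone or worker process, which is my assumption and not visible in this hunk), the call would crash the process instead of returning false. A guarded form would be `PG_RETURN_BOOL(MyProcPort != NULL && MyProcPort->ssl_in_use);`.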
diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index 84da823ffa..800dcd9980 100644
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -925,15 +925,13 @@ parse_hba_line(List *line, int line_num, char *raw_line)
return NULL;
#endif
}
-#ifdef USE_SSL
else if (token->string[4] == 'n') /* "hostnossl" */
{
parsedline->conntype = ctHostNoSSL;
}
-#endif
else
{
- /* "host", or "hostnossl" and SSL support not built in */
+ /* "host" */
parsedline->conntype = ctHost;
}
} /* record type */
@@ -1684,7 +1682,6 @@ check_hba(hbaPort *port)
continue;
/* Check SSL state */
-#ifdef USE_SSL
if (port->ssl_in_use)
{
/* Connection is SSL, match both "host" and "hostssl" */
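Review bot: With the `#else` branch removed in the next hunk, rejecting `hostssl` lines in a build without SSL support now depends entirely on `port->ssl_in_use` being false there, and nothing in this diff shows where the flag is initialized for such builds. If the Port were not zero-initialized at allocation (that code is outside the diff), a non-SSL connection could be matched against a `hostssl` rule. I would state the invariant at the test, e.g. `/* ssl_in_use is always false when built without SSL support, so "hostssl" lines never match */`, and repeat it on the field comment in libpq-be.h, which now only says `SSL structures.`. check_hba's body starts and ends outside both hunks.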
@@ -1697,11 +1694,6 @@ check_hba(hbaPort *port)
if (hba->conntype == ctHostSSL)
continue;
}
-#else
- /* No SSL support, so reject "hostssl" lines */
- if (hba->conntype == ctHostSSL)
- continue;
-#endif
/* Check IP address */
switch (hba->ip_cmp_method)
diff --git a/src/include/libpq/libpq-be.h b/src/include/libpq/libpq-be.h
index 34e52e44b0..e81f077f98 100644
--- a/src/include/libpq/libpq-be.h
+++ b/src/include/libpq/libpq-be.h
@@ -184,14 +184,16 @@ typedef struct Port
#endif
/*
- * SSL structures (keep these last so that the locations of other fields
- * are the same whether or not you build with SSL)
+ * SSL structures.
*/
-#ifdef USE_SSL
bool ssl_in_use;
char *peer_cn;
bool peer_cert_valid;
-#endif
+
+ /*
+ * OpenSSL structures. (Keep these last so that the locations of other
+ * fields are the same whether or not you build with OpenSSL.)
+ */
#ifdef USE_OPENSSL
SSL *ssl;
X509 *peer;