diff options
author | Heikki Linnakangas | 2014-11-25 07:39:31 +0000 |
---|---|---|
committer | Heikki Linnakangas | 2014-11-25 07:46:11 +0000 |
commit | e453cc2741416dc784842b2bba68749556cf0f6f (patch) | |
tree | 7854350915ddb4668cc2eaa559d41c3ee1925870 | |
parent | f5d9698a8400972bd604069a3f15ca33e535ea6e (diff) |
Make Port->ssl_in_use available, even when built with !USE_SSL
Code that check the flag no longer need #ifdef's, which is more convenient.
In particular, makes it easier to write extensions that depend on it.
In the passing, modify sslinfo's ssl_is_used function to check ssl_in_use
instead of the OpenSSL specific 'ssl' pointer. It doesn't make any
difference currently, as sslinfo is only compiled when built with OpenSSL,
but seems cleaner anyway.
-rw-r--r-- | contrib/sslinfo/sslinfo.c | 2 | ||||
-rw-r--r-- | src/backend/libpq/hba.c | 10 | ||||
-rw-r--r-- | src/include/libpq/libpq-be.h | 10 |
3 files changed, 8 insertions, 14 deletions
diff --git a/contrib/sslinfo/sslinfo.c b/contrib/sslinfo/sslinfo.c index 641c3f0c84..da201bde33 100644 --- a/contrib/sslinfo/sslinfo.c +++ b/contrib/sslinfo/sslinfo.c @@ -35,7 +35,7 @@ PG_FUNCTION_INFO_V1(ssl_is_used); Datum ssl_is_used(PG_FUNCTION_ARGS) { - PG_RETURN_BOOL(MyProcPort->ssl != NULL); + PG_RETURN_BOOL(MyProcPort->ssl_in_use); } diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c index 84da823ffa..800dcd9980 100644 --- a/src/backend/libpq/hba.c +++ b/src/backend/libpq/hba.c @@ -925,15 +925,13 @@ parse_hba_line(List *line, int line_num, char *raw_line) return NULL; #endif } -#ifdef USE_SSL else if (token->string[4] == 'n') /* "hostnossl" */ { parsedline->conntype = ctHostNoSSL; } -#endif else { - /* "host", or "hostnossl" and SSL support not built in */ + /* "host" */ parsedline->conntype = ctHost; } } /* record type */ @@ -1684,7 +1682,6 @@ check_hba(hbaPort *port) continue; /* Check SSL state */ -#ifdef USE_SSL if (port->ssl_in_use) { /* Connection is SSL, match both "host" and "hostssl" */ @@ -1697,11 +1694,6 @@ check_hba(hbaPort *port) if (hba->conntype == ctHostSSL) continue; } -#else - /* No SSL support, so reject "hostssl" lines */ - if (hba->conntype == ctHostSSL) - continue; -#endif /* Check IP address */ switch (hba->ip_cmp_method) diff --git a/src/include/libpq/libpq-be.h b/src/include/libpq/libpq-be.h index 34e52e44b0..e81f077f98 100644 --- a/src/include/libpq/libpq-be.h +++ b/src/include/libpq/libpq-be.h @@ -184,14 +184,16 @@ typedef struct Port #endif /* - * SSL structures (keep these last so that the locations of other fields - * are the same whether or not you build with SSL) + * SSL structures. */ -#ifdef USE_SSL bool ssl_in_use; char *peer_cn; bool peer_cert_valid; -#endif + + /* + * OpenSSL structures. (Keep these last so that the locations of other + * fields are the same whether or not you build with OpenSSL.) + */ #ifdef USE_OPENSSL SSL *ssl; X509 *peer; |