diff options
Diffstat (limited to 'src/interfaces/libpq/fe-secure-common.c')
| -rw-r--r-- | src/interfaces/libpq/fe-secure-common.c | 32 |
1 files changed, 12 insertions, 20 deletions
diff --git a/src/interfaces/libpq/fe-secure-common.c b/src/interfaces/libpq/fe-secure-common.c index ce9091de8f5..7e4246c51f4 100644 --- a/src/interfaces/libpq/fe-secure-common.c +++ b/src/interfaces/libpq/fe-secure-common.c @@ -96,8 +96,7 @@ pq_verify_peer_name_matches_certificate_name(PGconn *conn, if (!(host && host[0] != '\0')) { - appendPQExpBufferStr(&conn->errorMessage, - libpq_gettext("host name must be specified\n")); + libpq_append_conn_error(conn, "host name must be specified"); return -1; } @@ -108,8 +107,7 @@ pq_verify_peer_name_matches_certificate_name(PGconn *conn, name = malloc(namelen + 1); if (name == NULL) { - appendPQExpBufferStr(&conn->errorMessage, - libpq_gettext("out of memory\n")); + libpq_append_conn_error(conn, "out of memory"); return -1; } memcpy(name, namedata, namelen); @@ -122,8 +120,7 @@ pq_verify_peer_name_matches_certificate_name(PGconn *conn, if (namelen != strlen(name)) { free(name); - appendPQExpBufferStr(&conn->errorMessage, - libpq_gettext("SSL certificate's name contains embedded null\n")); + libpq_append_conn_error(conn, "SSL certificate's name contains embedded null"); return -1; } @@ -173,8 +170,7 @@ pq_verify_peer_name_matches_certificate_ip(PGconn *conn, if (!(host && host[0] != '\0')) { - appendPQExpBufferStr(&conn->errorMessage, - libpq_gettext("host name must be specified\n")); + libpq_append_conn_error(conn, "host name must be specified"); return -1; } @@ -229,8 +225,7 @@ pq_verify_peer_name_matches_certificate_ip(PGconn *conn, * Not IPv4 or IPv6. We could ignore the field, but leniency seems * wrong given the subject matter. */ - appendPQExpBuffer(&conn->errorMessage, - libpq_gettext("certificate contains IP address with invalid length %zu\n"), + libpq_append_conn_error(conn, "certificate contains IP address with invalid length %zu", iplen); return -1; } @@ -239,8 +234,7 @@ pq_verify_peer_name_matches_certificate_ip(PGconn *conn, addrstr = pg_inet_net_ntop(family, ipdata, 8 * iplen, tmp, sizeof(tmp)); if (!addrstr) { - appendPQExpBuffer(&conn->errorMessage, - libpq_gettext("could not convert certificate's IP address to string: %s\n"), + libpq_append_conn_error(conn, "could not convert certificate's IP address to string: %s", strerror_r(errno, sebuf, sizeof(sebuf))); return -1; } @@ -272,8 +266,7 @@ pq_verify_peer_name_matches_certificate(PGconn *conn) /* Check that we have a hostname to compare with. */ if (!(host && host[0] != '\0')) { - appendPQExpBufferStr(&conn->errorMessage, - libpq_gettext("host name must be specified for a verified SSL connection\n")); + libpq_append_conn_error(conn, "host name must be specified for a verified SSL connection"); return false; } @@ -290,21 +283,20 @@ pq_verify_peer_name_matches_certificate(PGconn *conn) if (names_examined > 1) { appendPQExpBuffer(&conn->errorMessage, - libpq_ngettext("server certificate for \"%s\" (and %d other name) does not match host name \"%s\"\n", - "server certificate for \"%s\" (and %d other names) does not match host name \"%s\"\n", + libpq_ngettext("server certificate for \"%s\" (and %d other name) does not match host name \"%s\"", + "server certificate for \"%s\" (and %d other names) does not match host name \"%s\"", names_examined - 1), first_name, names_examined - 1, host); + appendPQExpBufferChar(&conn->errorMessage, '\n'); } else if (names_examined == 1) { - appendPQExpBuffer(&conn->errorMessage, - libpq_gettext("server certificate for \"%s\" does not match host name \"%s\"\n"), + libpq_append_conn_error(conn, "server certificate for \"%s\" does not match host name \"%s\"", first_name, host); } else { - appendPQExpBufferStr(&conn->errorMessage, - libpq_gettext("could not get server's host name from server certificate\n")); + libpq_append_conn_error(conn, "could not get server's host name from server certificate"); } } |