summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 69298db)
raw | patch | inline | side by side (parent: 69298db)
| author | Tom Lane <tgl@sss.pgh.pa.us> | |
| Fri, 30 Sep 2022 14:26:47 +0000 (10:26 -0400) | ||
| committer | Tom Lane <tgl@sss.pgh.pa.us> | |
| Fri, 30 Sep 2022 14:26:47 +0000 (10:26 -0400) |
Currently, PQsslAttributeNames() returns the same list of attribute
names regardless of its conn parameter. This patch changes it to
have behavior parallel to what 80a05679d installed for PQsslAttribute:
you get OpenSSL's attributes if conn is NULL or is an SSL-encrypted
connection, or an empty list if conn is a non-encrypted connection.
The point of this is to have sensible connection-dependent behavior
in case we ever support multiple SSL libraries. The behavior for
NULL can be defined as "the attributes for the default SSL library",
parallel to what PQsslAttribute(NULL, "library") does.
Since this is mostly just future-proofing, no back-patch.
Discussion: https://postgr.es/m/17625-fc47c78b7d71b534@postgresql.org
names regardless of its conn parameter. This patch changes it to
have behavior parallel to what 80a05679d installed for PQsslAttribute:
you get OpenSSL's attributes if conn is NULL or is an SSL-encrypted
connection, or an empty list if conn is a non-encrypted connection.
The point of this is to have sensible connection-dependent behavior
in case we ever support multiple SSL libraries. The behavior for
NULL can be defined as "the attributes for the default SSL library",
parallel to what PQsslAttribute(NULL, "library") does.
Since this is mostly just future-proofing, no back-patch.
Discussion: https://postgr.es/m/17625-fc47c78b7d71b534@postgresql.org
| doc/src/sgml/libpq.sgml | patch | blob | blame | history | |
| src/interfaces/libpq/fe-secure-openssl.c | patch | blob | blame | history |
index 026b0ec46bb2b53bc89045d9e47137cf0adff1ae..3c9bd3d6730716c26efa25b3eb7c5f349d3b2443 100644 (file)
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
<term><function>PQsslAttributeNames</function><indexterm><primary>PQsslAttributeNames</primary></indexterm></term>
<listitem>
<para>
- Returns an array of SSL attribute names available.
+ Returns an array of SSL attribute names that can be used
+ in <function>PQsslAttribute()</function>.
The array is terminated by a NULL pointer.
<synopsis>
const char * const * PQsslAttributeNames(const PGconn *conn);
</synopsis>
</para>
+
+ <para>
+ If <literal>conn</literal> is NULL, the attributes available for the
+ default SSL library are returned, or an empty list
+ if <application>libpq</application> was compiled without any SSL
+ support. If <literal>conn</literal> is not NULL, the attributes
+ available for the SSL library in use for the connection are returned,
+ or an empty list if the connection is not encrypted.
+ </para>
</listitem>
</varlistentry>
index 74b5c5987a68edb5f6c6c101560cbe0f89955ae1..b42a908733ae965d2f4384e3ab9fe8424ffa6069 100644 (file)
const char *const *
PQsslAttributeNames(PGconn *conn)
{
- static const char *const result[] = {
+ static const char *const openssl_attrs[] = {
"library",
"key_bits",
"cipher",
"protocol",
NULL
};
+ static const char *const empty_attrs[] = {NULL};
- return result;
+ if (!conn)
+ {
+ /* Return attributes of default SSL library */
+ return openssl_attrs;
+ }
+
+ /* No attrs for unencrypted connection */
+ if (conn->ssl == NULL)
+ return empty_attrs;
+
+ return openssl_attrs;
}
const char *