Adjust PQsslAttributeNames() to match PQsslAttribute().

tglsfdc · tglsfdc · commit 4e4f7b9fcc9a · 2022-09-30T10:26:47.000-04:00
Currently, PQsslAttributeNames() returns the same list of attribute names regardless of its conn parameter. This patch changes it to have behavior parallel to what 80a0567 installed for PQsslAttribute: you get OpenSSL's attributes if conn is NULL or is an SSL-encrypted connection, or an empty list if conn is a non-encrypted connection. The point of this is to have sensible connection-dependent behavior in case we ever support multiple SSL libraries. The behavior for NULL can be defined as "the attributes for the default SSL library", parallel to what PQsslAttribute(NULL, "library") does. Since this is mostly just future-proofing, no back-patch. Discussion: https://postgr.es/m/17625-fc47c78b7d71b534@postgresql.org
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
@@ -2590,12 +2590,22 @@ const char *PQsslAttribute(const PGconn *conn, const char *attribute_name);
      <term><function>PQsslAttributeNames</function><indexterm><primary>PQsslAttributeNames</primary></indexterm></term>
      <listitem>
       <para>
-       Returns an array of SSL attribute names available.
+       Returns an array of SSL attribute names that can be used
+       in <function>PQsslAttribute()</function>.
        The array is terminated by a NULL pointer.
 <synopsis>
 const char * const * PQsslAttributeNames(const PGconn *conn);
 </synopsis>
       </para>
+
+      <para>
+       If <literal>conn</literal> is NULL, the attributes available for the
+       default SSL library are returned, or an empty list
+       if <application>libpq</application> was compiled without any SSL
+       support.  If <literal>conn</literal> is not NULL, the attributes
+       available for the SSL library in use for the connection are returned,
+       or an empty list if the connection is not encrypted.
+      </para>
      </listitem>
     </varlistentry>
 
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
@@ -1730,16 +1730,27 @@ PQsslStruct(PGconn *conn, const char *struct_name)
 const char *const *
 PQsslAttributeNames(PGconn *conn)
 {
-	static const char *const result[] = {
+	static const char *const openssl_attrs[] = {
 		"library",
 		"key_bits",
 		"cipher",
 		"compression",
 		"protocol",
 		NULL
 	};
+	static const char *const empty_attrs[] = {NULL};
 
-	return result;
+	if (!conn)
+	{
+		/* Return attributes of default SSL library */
+		return openssl_attrs;
+	}
+
+	/* No attrs for unencrypted connection */
+	if (conn->ssl == NULL)
+		return empty_attrs;
+
+	return openssl_attrs;
 }
 
 const char *
