Make Port->ssl_in_use available, even when built with !USE_SSL

hlinnaka · hlinnaka · commit e453cc274141 · 2014-11-25T09:46:11.000+02:00
Code that check the flag no longer need #ifdef's, which is more convenient.
In particular, makes it easier to write extensions that depend on it.

In the passing, modify sslinfo's ssl_is_used function to check ssl_in_use
instead of the OpenSSL specific 'ssl' pointer. It doesn't make any
difference currently, as sslinfo is only compiled when built with OpenSSL,
but seems cleaner anyway.
diff --git a/contrib/sslinfo/sslinfo.c b/contrib/sslinfo/sslinfo.c
@@ -35,7 +35,7 @@ PG_FUNCTION_INFO_V1(ssl_is_used);
 Datum
 ssl_is_used(PG_FUNCTION_ARGS)
 {
-	PG_RETURN_BOOL(MyProcPort->ssl != NULL);
+	PG_RETURN_BOOL(MyProcPort->ssl_in_use);
 }
 
 
diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
@@ -925,15 +925,13 @@ parse_hba_line(List *line, int line_num, char *raw_line)
 			return NULL;
 #endif
 		}
-#ifdef USE_SSL
 		else if (token->string[4] == 'n')		/* "hostnossl" */
 		{
 			parsedline->conntype = ctHostNoSSL;
 		}
-#endif
 		else
 		{
-			/* "host", or "hostnossl" and SSL support not built in */
+			/* "host" */
 			parsedline->conntype = ctHost;
 		}
 	}							/* record type */
@@ -1684,7 +1682,6 @@ check_hba(hbaPort *port)
 				continue;
 
 			/* Check SSL state */
-#ifdef USE_SSL
 			if (port->ssl_in_use)
 			{
 				/* Connection is SSL, match both "host" and "hostssl" */
@@ -1697,11 +1694,6 @@ check_hba(hbaPort *port)
 				if (hba->conntype == ctHostSSL)
 					continue;
 			}
-#else
-			/* No SSL support, so reject "hostssl" lines */
-			if (hba->conntype == ctHostSSL)
-				continue;
-#endif
 
 			/* Check IP address */
 			switch (hba->ip_cmp_method)
diff --git a/src/include/libpq/libpq-be.h b/src/include/libpq/libpq-be.h
@@ -184,14 +184,16 @@ typedef struct Port
 #endif
 
 	/*
-	 * SSL structures (keep these last so that the locations of other fields
-	 * are the same whether or not you build with SSL)
+	 * SSL structures.
 	 */
-#ifdef USE_SSL
 	bool		ssl_in_use;
 	char	   *peer_cn;
 	bool		peer_cert_valid;
-#endif
+
+	/*
+	 * OpenSSL structures. (Keep these last so that the locations of other
+	 * fields are the same whether or not you build with OpenSSL.)
+	 */
 #ifdef USE_OPENSSL
 	SSL		   *ssl;
 	X509	   *peer;

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ PG_FUNCTION_INFO_V1(ssl_is_used);`
`35`	`35`	`Datum`
`36`	`36`	`ssl_is_used(PG_FUNCTION_ARGS)`
`37`	`37`	`{`
`38`		`- PG_RETURN_BOOL(MyProcPort->ssl != NULL);`
	`38`	`+ PG_RETURN_BOOL(MyProcPort->ssl_in_use);`
`39`	`39`	`}`
`40`	`40`
`41`	`41`
Original file line number	Diff line number	Diff line change
`@@ -925,15 +925,13 @@ parse_hba_line(List line, int line_num, char raw_line)`
`925`	`925`	`return NULL;`
`926`	`926`	`#endif`
`927`	`927`	`}`
`928`		`-#ifdef USE_SSL`
`929`	`928`	`else if (token->string[4] == 'n') /* "hostnossl" */`
`930`	`929`	`{`
`931`	`930`	`parsedline->conntype = ctHostNoSSL;`
`932`	`931`	`}`
`933`		`-#endif`
`934`	`932`	`else`
`935`	`933`	`{`
`936`		`- /* "host", or "hostnossl" and SSL support not built in */`
	`934`	`+ /* "host" */`
`937`	`935`	`parsedline->conntype = ctHost;`
`938`	`936`	`}`
`939`	`937`	`} /* record type */`
`@@ -1684,7 +1682,6 @@ check_hba(hbaPort *port)`
`1684`	`1682`	`continue;`
`1685`	`1683`
`1686`	`1684`	`/* Check SSL state */`
`1687`		`-#ifdef USE_SSL`
`1688`	`1685`	`if (port->ssl_in_use)`
`1689`	`1686`	`{`
`1690`	`1687`	`/* Connection is SSL, match both "host" and "hostssl" */`
`@@ -1697,11 +1694,6 @@ check_hba(hbaPort *port)`
`1697`	`1694`	`if (hba->conntype == ctHostSSL)`
`1698`	`1695`	`continue;`
`1699`	`1696`	`}`
`1700`		`-#else`
`1701`		`- /* No SSL support, so reject "hostssl" lines */`
`1702`		`- if (hba->conntype == ctHostSSL)`
`1703`		`- continue;`
`1704`		`-#endif`
`1705`	`1697`
`1706`	`1698`	`/* Check IP address */`
`1707`	`1699`	`switch (hba->ip_cmp_method)`