Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content

Commit ebc8b7d

Browse files
Enable SSL library detection via PQsslAttribute()
Currently, libpq client code must have a connection handle before it can query the "library" SSL attribute. This poses problems if the client needs to know what SSL library is in use before constructing a connection string. Allow PQsslAttribute(NULL, "library") to return the library in use -- currently, just "OpenSSL" or NULL. The new behavior is announced with the LIBPQ_HAS_SSL_LIBRARY_DETECTION feature macro, allowing clients to differentiate between a libpq that was compiled without SSL support and a libpq that's just too old to tell. Author: Jacob Champion <pchampion@vmware.com> Reviewed-by: Robert Haas <robertmhaas@gmail.com> Reviewed-by: Daniel Gustafsson <daniel@yesql.se> Discussion: https://postgr.es/m/4c8b76ef434a96627170a31c3acd33cbfd6e41f1.camel@vmware.com
1 parent 8cd7627 commit ebc8b7d

File tree

8 files changed

+75
-4
lines changed

8 files changed

+75
-4
lines changed

doc/src/sgml/libpq.sgml

+10
Original file line numberDiff line numberDiff line change
@@ -2581,6 +2581,16 @@ const char *PQsslAttribute(const PGconn *conn, const char *attribute_name);
25812581
</varlistentry>
25822582
</variablelist>
25832583
</para>
2584+
2585+
<para>
2586+
As a special case, the <literal>library</literal> attribute may be
2587+
queried without an existing connection by passing NULL as the
2588+
<literal>conn</literal> argument. The historical behavior was to return
2589+
NULL for any attribute when a NULL <literal>conn</literal> was provided;
2590+
client programs needing to differentiate between the newer and older
2591+
implementations may check the
2592+
<literal>LIBPQ_HAS_SSL_LIBRARY_DETECTION</literal> feature macro.
2593+
</para>
25842594
</listitem>
25852595
</varlistentry>
25862596

src/interfaces/libpq/Makefile

+1
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ subdir = src/interfaces/libpq
1313
top_builddir = ../../..
1414
include $(top_builddir)/src/Makefile.global
1515

16+
export with_ssl
1617

1718
PGFILEDESC = "PostgreSQL Access Library"
1819

src/interfaces/libpq/fe-secure-openssl.c

+3-3
Original file line numberDiff line numberDiff line change
@@ -1631,14 +1631,14 @@ PQsslAttributeNames(PGconn *conn)
16311631
const char *
16321632
PQsslAttribute(PGconn *conn, const char *attribute_name)
16331633
{
1634+
if (strcmp(attribute_name, "library") == 0)
1635+
return "OpenSSL";
1636+
16341637
if (!conn)
16351638
return NULL;
16361639
if (conn->ssl == NULL)
16371640
return NULL;
16381641

1639-
if (strcmp(attribute_name, "library") == 0)
1640-
return "OpenSSL";
1641-
16421642
if (strcmp(attribute_name, "key_bits") == 0)
16431643
{
16441644
static char sslbits_str[12];

src/interfaces/libpq/libpq-fe.h

+2
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,8 @@ extern "C"
3636
#define LIBPQ_HAS_PIPELINING 1
3737
/* Indicates presence of PQsetTraceFlags; also new PQtrace output format */
3838
#define LIBPQ_HAS_TRACE_FLAGS 1
39+
/* Indicates that PQsslAttribute(NULL, "library") is useful */
40+
#define LIBPQ_HAS_SSL_LIBRARY_DETECTION 1
3941

4042
/*
4143
* Option flags for PQcopyResult

src/interfaces/libpq/t/002_api.pl

+20
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
# Copyright (c) 2022, PostgreSQL Global Development Group
2+
use strict;
3+
use warnings;
4+
5+
use PostgreSQL::Test::Utils;
6+
use Test::More;
7+
8+
# Test PQsslAttribute(NULL, "library")
9+
my ($out, $err) = run_command(['testclient', '--ssl']);
10+
11+
if ($ENV{with_ssl} eq 'openssl')
12+
{
13+
is($out, 'OpenSSL', 'PQsslAttribute(NULL, "library") returns "OpenSSL"');
14+
}
15+
else
16+
{
17+
is($err, 'SSL is not enabled', 'PQsslAttribute(NULL, "library") returns NULL');
18+
}
19+
20+
done_testing();

src/interfaces/libpq/test/.gitignore

+1
Original file line numberDiff line numberDiff line change
@@ -1 +1,2 @@
1+
/testclient
12
/uri-regress

src/interfaces/libpq/test/Makefile

+1-1
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ endif
1111
override CPPFLAGS := -I$(libpq_srcdir) $(CPPFLAGS)
1212
LDFLAGS_INTERNAL += $(libpq_pgport)
1313

14-
PROGS = uri-regress
14+
PROGS = testclient uri-regress
1515

1616
all: $(PROGS)
1717

+37
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
/*
2+
* testclient.c
3+
* A test program for the libpq public API
4+
*
5+
* Copyright (c) 2022, PostgreSQL Global Development Group
6+
*
7+
* IDENTIFICATION
8+
* src/interfaces/libpq/test/testclient.c
9+
*/
10+
11+
#include "postgres_fe.h"
12+
13+
#include "libpq-fe.h"
14+
15+
static void
16+
print_ssl_library()
17+
{
18+
const char *lib = PQsslAttribute(NULL, "library");
19+
20+
if (!lib)
21+
fprintf(stderr, "SSL is not enabled\n");
22+
else
23+
printf("%s\n", lib);
24+
}
25+
26+
int
27+
main(int argc, char *argv[])
28+
{
29+
if ((argc > 1) && !strcmp(argv[1], "--ssl"))
30+
{
31+
print_ssl_library();
32+
return 0;
33+
}
34+
35+
printf("currently only --ssl is supported\n");
36+
return 1;
37+
}

0 commit comments

Comments
 (0)