Dave Page wrote:
> Magnus Hagander wrote:
>> Hrrm. Obviously, I need to go sleep now. Sorry about that.
>>
>> But it'd be nice to get rid of all those #ifdef blocks..
> 
> See the attached revision. This is untested as I don't have a linux box
> to hand, but I believe it's right.

Ignore that - I managed to break it :-(. Here's a corrected version.

/D
Index: src/interfaces/libpq/fe-secure.c
===================================================================
RCS file: /projects/cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v
retrieving revision 1.94
diff -c -r1.94 fe-secure.c
*** src/interfaces/libpq/fe-secure.c	16 Feb 2007 17:07:00 -0000	1.94
--- src/interfaces/libpq/fe-secure.c	28 Sep 2007 21:33:46 -0000
***************
*** 111,116 ****
--- 111,117 ----
  
  #ifdef USE_SSL
  #include <openssl/ssl.h>
+ #include <openssl/bio.h>
  #if (SSLEAY_VERSION_NUMBER >= 0x00907000L)
  #include <openssl/conf.h> 
  #endif
***************
*** 579,586 ****
  	struct stat buf2;
  #endif
  	char		fnbuf[MAXPGPATH];
! 	FILE	   *fp;
! 	PGconn	   *conn = (PGconn *) SSL_get_app_data(ssl);
  	char		sebuf[256];
  
  	if (!pqGetHomeDirectory(homedir, sizeof(homedir)))
--- 580,588 ----
  	struct stat buf2;
  #endif
  	char		fnbuf[MAXPGPATH];
! 	FILE		*fp;
! 	BIO			*bio;
! 	PGconn		*conn = (PGconn *) SSL_get_app_data(ssl);
  	char		sebuf[256];
  
  	if (!pqGetHomeDirectory(homedir, sizeof(homedir)))
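Review bot: `FILE *fp;` is left uninitialised and, after this patch, nothing visible assigns it except the `BIO_get_fp()` call inside the `#ifndef WIN32` block further down. On Windows builds that leaves it as an unused variable. I would move it next to `struct stat buf2;` under that same guard (the guard's opening line is outside this hunk, so confirm it is the matching one) and write `FILE *fp = NULL;`. That way a failed lookup cannot hand an indeterminate pointer to `fileno()`.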
***************
*** 592,605 ****
  
  	/* read the user certificate */
  	snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_CERT_FILE);
! 	if ((fp = fopen(fnbuf, "r")) == NULL)
  	{
  		printfPQExpBuffer(&conn->errorMessage,
  			   libpq_gettext("could not open certificate file \"%s\": %s\n"),
  						  fnbuf, pqStrerror(errno, sebuf, sizeof(sebuf)));
  		return 0;
  	}
! 	if (PEM_read_X509(fp, x509, NULL, NULL) == NULL)
  	{
  		char	   *err = SSLerrmessage();
  
--- 594,608 ----
  
  	/* read the user certificate */
  	snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_CERT_FILE);
! 	if ((bio = BIO_new_file(fnbuf, "r")) == NULL)
  	{
  		printfPQExpBuffer(&conn->errorMessage,
  			   libpq_gettext("could not open certificate file \"%s\": %s\n"),
  						  fnbuf, pqStrerror(errno, sebuf, sizeof(sebuf)));
  		return 0;
  	}
! 
! 	if (PEM_read_bio_X509(bio, x509, NULL, NULL) == NULL)
  	{
  		char	   *err = SSLerrmessage();
  
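Review bot: The open-failure branch still formats `errno` through `pqStrerror()`, but the call that failed is now `BIO_new_file()`, which reports its failures on the OpenSSL error queue. `errno` will probably still hold the underlying open error, though that is not something this code controls. Any entry left on the queue is also never consumed here, so a later `SSLerrmessage()` could pick up this stale error instead of its own. I would report it with the same `SSLerrmessage()` / `SSLerrfree()` pair that the `PEM_read_bio_X509` branch just below uses, or at least clear the queue before returning. The private-key open in the hunk at new lines 684-691 has the same pattern.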
***************
*** 607,616 ****
  			   libpq_gettext("could not read certificate file \"%s\": %s\n"),
  						  fnbuf, err);
  		SSLerrfree(err);
! 		fclose(fp);
  		return 0;
  	}
! 	fclose(fp);
  
  #if (SSLEAY_VERSION_NUMBER >= 0x00907000L) && !defined(OPENSSL_NO_ENGINE)
  	if (getenv("PGSSLKEY"))
--- 610,620 ----
  			   libpq_gettext("could not read certificate file \"%s\": %s\n"),
  						  fnbuf, err);
  		SSLerrfree(err);
! 		BIO_free(bio);
  		return 0;
  	}
! 
! 	BIO_free(bio);
  
  #if (SSLEAY_VERSION_NUMBER >= 0x00907000L) && !defined(OPENSSL_NO_ENGINE)
  	if (getenv("PGSSLKEY"))
***************
*** 641,647 ****
  			SSLerrfree(err);
  			free(engine_str);
  			return 0;
! 		}	
  
  		*pkey = ENGINE_load_private_key(engine_ptr, engine_colon + 1,
  										NULL, NULL);
--- 645,651 ----
  			SSLerrfree(err);
  			free(engine_str);
  			return 0;
! 		}
  
  		*pkey = ENGINE_load_private_key(engine_ptr, engine_colon + 1,
  										NULL, NULL);
***************
*** 655,661 ****
  			SSLerrfree(err);
  			free(engine_str);
  			return 0;
! 		}		
  		free(engine_str);
  	}
  	else
--- 659,665 ----
  			SSLerrfree(err);
  			free(engine_str);
  			return 0;
! 		}
  		free(engine_str);
  	}
  	else
***************
*** 680,686 ****
  			return 0;
  		}
  #endif
! 		if ((fp = fopen(fnbuf, "r")) == NULL)
  		{
  			printfPQExpBuffer(&conn->errorMessage,
  				libpq_gettext("could not open private key file \"%s\": %s\n"),
--- 684,691 ----
  			return 0;
  		}
  #endif
! 
! 		if ((bio = BIO_new_file(fnbuf, "r")) == NULL)
  		{
  			printfPQExpBuffer(&conn->errorMessage,
  				libpq_gettext("could not open private key file \"%s\": %s\n"),
***************
*** 688,693 ****
--- 693,699 ----
  			return 0;
  		}
  #ifndef WIN32
+ 		BIO_get_fp(bio, &fp);
  		if (fstat(fileno(fp), &buf2) == -1 ||
  			buf.st_dev != buf2.st_dev || buf.st_ino != buf2.st_ino)
  		{
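Review bot: The result of `BIO_get_fp(bio, &fp)` is not checked, and `fp` has no initialiser, so a failure would pass an indeterminate pointer to `fileno()`. This matters because the `fstat()` comparison of `st_dev`/`st_ino` is the guard that the key file just opened is the same one examined earlier. Fold the call into the condition so a failed lookup is treated as a mismatch: `if (BIO_get_fp(bio, &fp) <= 0 || fstat(fileno(fp), &buf2) == -1 ||`. The body of this `if` runs past the end of the hunk. If its `return 0` does not release the handle, it needs a `BIO_free(bio);` first, matching the read-failure path later in the patch.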
***************
*** 696,702 ****
  			return 0;
  		}
  #endif
! 		if (PEM_read_PrivateKey(fp, pkey, NULL, NULL) == NULL)
  		{
  			char	   *err = SSLerrmessage();
  
--- 702,709 ----
  			return 0;
  		}
  #endif
! 
! 		if (PEM_read_bio_PrivateKey(bio, pkey, NULL, NULL) == NULL)
  		{
  			char	   *err = SSLerrmessage();
  
***************
*** 704,713 ****
  				libpq_gettext("could not read private key file \"%s\": %s\n"),
  							fnbuf, err);
  			SSLerrfree(err);
! 			fclose(fp);
  			return 0;
  		}
! 		fclose(fp);
  	}
  
  	/* verify that the cert and key go together */
--- 711,722 ----
  				libpq_gettext("could not read private key file \"%s\": %s\n"),
  							fnbuf, err);
  			SSLerrfree(err);
! 
! 			BIO_free(bio);
  			return 0;
  		}
! 
! 		BIO_free(bio);
  	}
  
  	/* verify that the cert and key go together */