8000 Enable SSL library detection via PQsslAttribute() · postgrespro/postgres@ebc8b7d · GitHub
  • Commit ebc8b7d

    Enable SSL library detection via PQsslAttribute()
    Currently, libpq client code must have a connection handle before it can query the "library" SSL attribute. This poses problems if the client needs to know what SSL library is in use before constructing a connection string. Allow PQsslAttribute(NULL, "library") to return the library in use -- currently, just "OpenSSL" or NULL. The new behavior is announced with the LIBPQ_HAS_SSL_LIBRARY_DETECTION feature macro, allowing clients to differentiate between a libpq that was compiled without SSL support and a libpq that's just too old to tell. Author: Jacob Champion <pchampion@vmware.com> Reviewed-by: Robert Haas <robertmhaas@gmail.com> Reviewed-by: Daniel Gustafsson <daniel@yesql.se> Discussion: https://postgr.es/m/4c8b76ef434a96627170a31c3acd33cbfd6e41f1.camel@vmware.com
    1 parent 8cd7627 commit ebc8b7d


    8 files changed

    +75
    -4
    lines changed


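--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -2581,6 +2581,16 @@ const char *PQsslAttribute(const PGconn *conn, const char *attribute_name);
 </varlistentry>
 </variablelist>
 </para>
+
+<para>
+As a special case, the <literal>library</literal> attribute may be
+queried without an existing connection by passing NULL as the
+<literal>conn</literal> argument. The historical behavior was to return
+NULL for any attribute when a NULL <literal>conn</literal> was provided;
+client programs needing to differentiate between the newer and older
+implementations may check the
+<literal>LIBPQ_HAS_SSL_LIBRARY_DETECTION</literal> feature macro.
+</para>
 </listitem>
 </varlistentry>
 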

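--- a/src/interfaces/libpq/Makefile
+++ b/src/interfaces/libpq/Makefile
@@ -13,6 +13,7 @@ subdir = src/interfaces/libpq
 top_builddir = ../../..
 include $(top_builddir)/src/Makefile.global
 
+export with_ssl
 
 PGFILEDESC = "PostgreSQL Access Library"
 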

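--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -1631,14 +1631,14 @@ PQsslAttributeNames(PGconn *conn)
 const char *
 PQsslAttribute(PGconn *conn, const char *attribute_name)
 {
+if (strcmp(attribute_name, "library") == 0)
+return "OpenSSL";
+
 if (!conn)
 return NULL;
 if (conn->ssl == NULL)
 return NULL;
 
-if (strcmp(attribute_name, "library") == 0)
-return "OpenSSL";
-
 if (strcmp(attribute_name, "key_bits") == 0)
 {
 static char sslbits_str[12];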
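Review bot: Hoisting the `"library"` comparison above both early returns makes `PQsslAttribute(conn, "library")` return "OpenSSL" for a live connection whose `conn->ssl` is NULL, where the old order returned NULL. A caller that treats a non-NULL result as evidence that the session is encrypted is now told so for a plaintext connection. The special case is only needed when `conn` is NULL, so it belongs inside the `!conn` branch, with the `conn->ssl == NULL` return kept ahead of the per-connection `"library"` answer. The hoisted `strcmp` also runs on `attribute_name` before any check, so a NULL `conn` with a NULL name no longer returns early. The function body continues past the end of the hunk.

```c
PQsslAttribute(PGconn *conn, const char *attribute_name)
{
	if (!conn)
	{
		/* Only "library" can be answered without a connection */
		if (attribute_name && strcmp(attribute_name, "library") == 0)
			return "OpenSSL";
		return NULL;
	}

	/* Every attribute, "library" included, stays NULL when TLS is not in use */
	if (conn->ssl == NULL)
		return NULL;

	if (strcmp(attribute_name, "library") == 0)
		return "OpenSSL";

	/* … unchanged: key_bits and the remaining attributes … */
```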

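--- a/src/interfaces/libpq/libpq-fe.h
+++ b/src/interfaces/libpq/libpq-fe.h
@@ -36,6 +36,8 @@ extern "C"
 #define LIBPQ_HAS_PIPELINING 1
 /* Indicates presence of PQsetTraceFlags; also new PQtrace output format */
 #define LIBPQ_HAS_TRACE_FLAGS 1
+/* Indicates that PQsslAttribute(NULL, "library") is useful */
+#define LIBPQ_HAS_SSL_LIBRARY_DETECTION 1
 
 /*
 * Option flags for PQcopyResult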

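--- a/src/interfaces/libpq/t/002_api.pl
+++ b/src/interfaces/libpq/t/002_api.pl
@@ -0,0 +1,20 @@
+# Copyright (c) 2022, PostgreSQL Global Development Group
+use strict;
+use warnings;
+
+use PostgreSQL::Test::Utils;
+use Test::More;
+
+# Test PQsslAttribute(NULL, "library")
+my ($out, $err) = run_command(['testclient', '--ssl']);
+
+if ($ENV{with_ssl} eq 'openssl')
+{
+is($out, 'OpenSSL', 'PQsslAttribute(NULL, "library") returns "OpenSSL"');
+}
+else
+{
+is($err, 'SSL is not enabled', 'PQsslAttribute(NULL, "library") returns NULL');
+}
+
+done_testing();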
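Review bot: `$ENV{with_ssl}` is compared with `eq` on the `if` line without a definedness guard, so running this test outside the make harness that exports `with_ssl` raises an uninitialized-value warning and silently selects the no-SSL expectation. Guard it with `if (($ENV{with_ssl} // '') eq 'openssl')`. Each branch also inspects only one stream; adding `is($err, '', 'no stderr output')` in the OpenSSL branch, and the matching check on `$out` in the other, would catch a client that writes to both.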

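--- a/src/interfaces/libpq/test/.gitignore
+++ b/src/interfaces/libpq/test/.gitignore
@@ -1 +1,2 @@
+/testclient
 /uri-regress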

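--- a/src/interfaces/libpq/test/Makefile
+++ b/src/interfaces/libpq/test/Makefile
@@ -11,7 +11,7 @@ endif
 override CPPFLAGS := -I$(libpq_srcdir) $(CPPFLAGS)
 LDFLAGS_INTERNAL += $(libpq_pgport)
 
-PROGS = uri-regress
+PROGS = testclient uri-regress
 
 all: $(PROGS)
 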

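--- a/src/interfaces/libpq/test/testclient.c
+++ b/src/interfaces/libpq/test/testclient.c
@@ -0,0 +1,37 @@
+/*
+* testclient.c
+* A test program for the libpq public API
+*
+* Copyright (c) 2022, PostgreSQL Global Development Group
+*
+* IDENTIFICATION
+* src/interfaces/libpq/test/testclient.c
+*/
+
+#include "postgres_fe.h"
+
+#include "libpq-fe.h"
+
+static void
+print_ssl_library()
+{
+const char *lib = PQsslAttribute(NULL, "library");
+
+if (!lib)
+fprintf(stderr, "SSL is not enabled\n");
+else
+printf("%s\n", lib);
+}
+
+int
+main(int argc, char *argv[])
+{
+if ((argc > 1) && !strcmp(argv[1], "--ssl"))
+{
+print_ssl_library();
+return 0;
+}
+
+printf("currently only --ssl is supported\n");
+return 1;
+}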
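Review bot: `print_ssl_library()` is defined with an empty parameter list, which in C is an old-style declaration without a prototype rather than a function taking no arguments; write `print_ssl_library(void)` so the compiler checks its call sites. The fallback message in `main` is an error path but is written to stdout; `fprintf(stderr, "currently only --ssl is supported\n");` would keep stdout reserved for the value the Perl test compares.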
