Don't bother to request SSL connection over a Unix socket, since the

postmaster won't accept the request anyway. (If your kernel can't be trusted, SSL will not help you.)

Don't bother to request SSL connection over a Unix socket, since the
postmaster won't accept the request anyway. (If your kernel can't be trusted, SSL will not help you.)
78ab8034 · Tom Lane · 608d843e · 78ab8034
Commit 78ab8034 authored Mar 02, 2002 by Tom Lane
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 4 deletions

src/interfaces/libpq/fe-connect.c src/interfaces/libpq/fe-connect.c +8 -4

No files found.
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.181 2001/11/11 02:09:05 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.182 2002/03/02 00:49:22 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -309,7 +309,8 @@ PQconnectStart(const char *conninfo)
 	conn->pgpass = tmp ? strdup(tmp) : NULL;
 #ifdef USE_SSL
 	tmp = conninfo_getval(connOptions, "requiressl");
-	conn->require_ssl = tmp ? (tmp[0] == '1' ? true : false) : false;
+	if (tmp && tmp[0] == '1')
+		conn->require_ssl = true;
 #endif
 	/*
@@ -504,8 +505,6 @@ PQsetdbLogin(const char *pghost, const char *pgport, const char *pgoptions,
 #ifdef USE_SSL
 	if ((tmp = getenv("PGREQUIRESSL")) != NULL)
 		conn->require_ssl = (tmp[0] == '1') ? true : false;
-	else
-		conn->require_ssl = 0;
 #endif
 	if (error)
@@ -871,6 +870,11 @@ connectDBStart(PGconn *conn)
 	{
 		UNIXSOCK_PATH(conn->raddr.un, portno, conn->pgunixsocket);
 		conn->raddr_len = UNIXSOCK_LEN(conn->raddr.un);
+#ifdef USE_SSL
+		/* Don't bother requesting SSL over a Unix socket */
+		conn->allow_ssl_try = false;
+		conn->require_ssl = false;
+#endif
 	}
 #endif