Minor editorialization for be-secure.c: fix comments and some formatting

infelicities.

Minor editorialization for be-secure.c: fix comments and some formatting
infelicities.
b1993a61 · Tom Lane · c3bf3bf2 · b1993a61
Commit b1993a61 authored May 26, 2010 by Tom Lane
Show whitespace changes
Inline Side-by-side

Showing with 25 additions and 27 deletions

src/backend/libpq/be-secure.c src/backend/libpq/be-secure.c +25 -27

No files found.
--- a/src/backend/libpq/be-secure.c
+++ b/src/backend/libpq/be-secure.c
@@ -11,13 +11,13 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.100 2010/05/26 15:52:37 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.101 2010/05/26 16:15:57 tgl Exp $
 *
 *	  Since the server static private key ($DataDir/server.key)
 *	  will normally be stored unencrypted so that the database
 *	  backend can restart automatically, it is important that
 *	  we select an algorithm that continues to provide confidentiality
- *	  even if the attacker has the server's private key.  Empheral
+ *	  even if the attacker has the server's private key.  Ephemeral
 *	  DH (EDH) keys provide this, and in fact provide Perfect Forward
 *	  Secrecy (PFS) except for situations where the session can
 *	  be hijacked during a periodic handshake/renegotiation.
@@ -113,7 +113,7 @@ char	   *SSLCipherSuites = NULL;
 /* ------------------------------------------------------------ */
 /*
- *	Hardcoded DH parameters, used in empheral DH keying.
+ *	Hardcoded DH parameters, used in ephemeral DH keying.
 *	As discussed above, EDH protects the confidentiality of
 *	sessions even if the static private key is compromised,
 *	so we are *highly* motivated to ensure that we can use
@@ -411,7 +411,6 @@ wloop:
 * directly so it gets passed through the socket/signals layer on Win32.
 *
 * They are closely modelled on the original socket implementations in OpenSSL.
- *
 */
 static bool my_bio_initialized = false;
@@ -579,7 +578,7 @@ load_dh_buffer(const char *buffer, size_t len)
 }
 /*
- *	Generate an empheral DH key.  Because this can take a long
+ *	Generate an ephemeral DH key.  Because this can take a long
 *	time to compute, we can use precomputed parameters of the
 *	common key sizes.
 *
@@ -737,7 +736,7 @@ initialize_SSL(void)
 							SSLerrmessage())));
 		/*
-		 * Load and verify certificate and private key
+		 * Load and verify server's certificate and private key
 		 */
 		if (SSL_CTX_use_certificate_chain_file(SSL_context,
 											   SERVER_CERT_FILE) != 1)
@@ -782,11 +781,11 @@ initialize_SSL(void)
 							SSLerrmessage())));
 	}
-	/* set up empheral DH keys */
+	/* set up ephemeral DH keys, and disallow SSL v2 while at it */
 	SSL_CTX_set_tmp_dh_callback(SSL_context, tmp_dh_cb);
 	SSL_CTX_set_options(SSL_context, SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv2);
-	/* setup the allowed cipher list */
+	/* set up the allowed cipher list */
 	if (SSL_CTX_set_cipher_list(SSL_context, SSLCipherSuites) != 1)
 		elog(FATAL, "could not set the cipher list (no valid ciphers available)");
@@ -794,42 +793,38 @@ initialize_SSL(void)
 	 * Attempt to load CA store, so we can verify client certificates if
 	 * needed.
 	 */
-	if (access(ROOT_CERT_FILE, R_OK))
-	{
 	ssl_loaded_verify_locations = false;
+	if (access(ROOT_CERT_FILE, R_OK) != 0)
+	{
 		/*
-		 * If root certificate file simply not found. Don't log an error here,
+		 * If root certificate file simply not found, don't log an error here,
 		 * because it's quite likely the user isn't planning on using client
 		 * certificates. If we can't access it for other reasons, it is an
 		 * error.
 		 */
 		if (errno != ENOENT)
-		{
 			ereport(FATAL,
 				 (errmsg("could not access root certificate file \"%s\": %m",
 						 ROOT_CERT_FILE)));
 	}
-	}
 	else if (SSL_CTX_load_verify_locations(SSL_context, ROOT_CERT_FILE, NULL) != 1 ||
 			 (root_cert_list = SSL_load_client_CA_file(ROOT_CERT_FILE)) == NULL)
 	{
 		/*
 		 * File was there, but we could not load it. This means the file is
-		 * somehow broken, and we cannot do verification at all - so abort
+		 * somehow broken, and we cannot do verification at all - so fail.
-		 * here.
 		 */
-		ssl_loaded_verify_locations = false;
 		ereport(FATAL,
 				(errmsg("could not load root certificate file \"%s\": %s",
 						ROOT_CERT_FILE, SSLerrmessage())));
 	}
 	else
 	{
-		/*
+		/*----------
-		 * Check the Certificate Revocation List (CRL) if file exists.
+		 * Load the Certificate Revocation List (CRL) if file exists.
-		 * http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci803160,
+		 * http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci803160,00.html
-		 * 00.html
+		 *----------
 		 */
 		X509_STORE *cvstore = SSL_CTX_get_cert_store(SSL_context);
@@ -837,7 +832,8 @@ initialize_SSL(void)
 		{
 			/* Set the flags to check against the complete CRL chain */
 			if (X509_STORE_load_locations(cvstore, ROOT_CRL_FILE, NULL) == 1)
-/* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */
+			{
+				/* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */
 #ifdef X509_V_FLAG_CRL_CHECK
 				X509_STORE_set_flags(cvstore,
 						  X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
@@ -847,6 +843,7 @@ initialize_SSL(void)
 						ROOT_CRL_FILE),
 				 errdetail("SSL library does not support certificate revocation lists.")));
 #endif
+			}
 			else
 			{
 				/* Not fatal - we do not require CRL */
@@ -858,14 +855,15 @@ initialize_SSL(void)
 			/*
 			 * Always ask for SSL client cert, but don't fail if it's not
-			 * presented. We'll fail later in this case, based on what we find
+			 * presented.  We might fail such connections later, depending on
-			 * in pg_hba.conf.
+			 * what we find in pg_hba.conf.
 			 */
 			SSL_CTX_set_verify(SSL_context,
 							   (SSL_VERIFY_PEER |
 								SSL_VERIFY_CLIENT_ONCE),
 							   verify_cb);
+			/* Set flag to remember CA store is successfully loaded */
 			ssl_loaded_verify_locations = true;
 		}