Commit eb43af32 authored by Bruce Momjian's avatar Bruce Momjian

Back out SSL changes. Newer patch available.

parent a9bd1761
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
# Makefile for libpq subsystem (backend half of libpq interface) # Makefile for libpq subsystem (backend half of libpq interface)
# #
# IDENTIFICATION # IDENTIFICATION
# $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.31 2002/06/14 03:56:46 momjian Exp $ # $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.32 2002/06/14 04:09:36 momjian Exp $
# #
#------------------------------------------------------------------------- #-------------------------------------------------------------------------
...@@ -14,8 +14,7 @@ include $(top_builddir)/src/Makefile.global ...@@ -14,8 +14,7 @@ include $(top_builddir)/src/Makefile.global
# be-fsstubs is here for historical reasons, probably belongs elsewhere # be-fsstubs is here for historical reasons, probably belongs elsewhere
OBJS = be-fsstubs.o be-ssl.o auth.o crypt.o hba.o md5.o pqcomm.o \ OBJS = be-fsstubs.o auth.o crypt.o hba.o md5.o pqcomm.o pqformat.o pqsignal.o
pqformat.o pqsignal.o
all: SUBSYS.o all: SUBSYS.o
......
...@@ -29,7 +29,7 @@ ...@@ -29,7 +29,7 @@
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California * Portions Copyright (c) 1994, Regents of the University of California
* *
* $Id: pqcomm.c,v 1.134 2002/06/14 03:56:46 momjian Exp $ * $Id: pqcomm.c,v 1.135 2002/06/14 04:09:36 momjian Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -81,14 +81,6 @@ ...@@ -81,14 +81,6 @@
#include "miscadmin.h" #include "miscadmin.h"
#include "storage/ipc.h" #include "storage/ipc.h"
/* these functions are misnamed - they handle both SSL and non-SSL case */
extern ssize_t read_SSL(Port *, void *ptr, size_t len);
extern ssize_t write_SSL(Port *, const void *ptr, size_t len);
#ifdef USE_SSL
extern void close_SSL(Port *);
#endif /* USE_SSL */
static void pq_close(void); static void pq_close(void);
...@@ -146,9 +138,6 @@ pq_close(void) ...@@ -146,9 +138,6 @@ pq_close(void)
{ {
if (MyProcPort != NULL) if (MyProcPort != NULL)
{ {
#ifdef USE_SSL
close_SSL(MyProcPort);
#endif /* USE_SSL */
close(MyProcPort->sock); close(MyProcPort->sock);
/* make sure any subsequent attempts to do I/O fail cleanly */ /* make sure any subsequent attempts to do I/O fail cleanly */
MyProcPort->sock = -1; MyProcPort->sock = -1;
...@@ -427,7 +416,6 @@ StreamConnection(int server_fd, Port *port) ...@@ -427,7 +416,6 @@ StreamConnection(int server_fd, Port *port)
void void
StreamClose(int sock) StreamClose(int sock)
{ {
/* FIXME - what about closing SSL connections? */
close(sock); close(sock);
} }
...@@ -469,8 +457,14 @@ pq_recvbuf(void) ...@@ -469,8 +457,14 @@ pq_recvbuf(void)
{ {
int r; int r;
r = read_SSL(MyProcPort, PqRecvBuffer + PqRecvLength, #ifdef USE_SSL
PQ_BUFFER_SIZE - PqRecvLength); if (MyProcPort->ssl)
r = SSL_read(MyProcPort->ssl, PqRecvBuffer + PqRecvLength,
PQ_BUFFER_SIZE - PqRecvLength);
else
#endif
r = recv(MyProcPort->sock, PqRecvBuffer + PqRecvLength,
PQ_BUFFER_SIZE - PqRecvLength, 0);
if (r < 0) if (r < 0)
{ {
...@@ -486,11 +480,7 @@ pq_recvbuf(void) ...@@ -486,11 +480,7 @@ pq_recvbuf(void)
elog(COMMERROR, "pq_recvbuf: recv() failed: %m"); elog(COMMERROR, "pq_recvbuf: recv() failed: %m");
return EOF; return EOF;
} }
#ifdef USE_SSL
if (r == 0 && !MyProcPort->ssl)
#else /* USE_SSL */
if (r == 0) if (r == 0)
#endif /* USE_SSL */
{ {
/* as above, only write to postmaster log */ /* as above, only write to postmaster log */
elog(COMMERROR, "pq_recvbuf: unexpected EOF on client connection"); elog(COMMERROR, "pq_recvbuf: unexpected EOF on client connection");
...@@ -661,13 +651,14 @@ pq_flush(void) ...@@ -661,13 +651,14 @@ pq_flush(void)
{ {
int r; int r;
r = write_SSL(MyProcPort, bufptr, bufend - bufptr);
#ifdef USE_SSL #ifdef USE_SSL
if (r < 0 || (r == 0 && !MyProcPort->ssl)) if (MyProcPort->ssl)
#else /* USE_SSL */ r = SSL_write(MyProcPort->ssl, bufptr, bufend - bufptr);
else
#endif
r = send(MyProcPort->sock, bufptr, bufend - bufptr, 0);
if (r <= 0) if (r <= 0)
#endif /* USE_SSL */
{ {
if (errno == EINTR) if (errno == EINTR)
continue; /* Ok if we were interrupted */ continue; /* Ok if we were interrupted */
...@@ -712,9 +703,8 @@ int ...@@ -712,9 +703,8 @@ int
pq_eof(void) pq_eof(void)
{ {
char x; char x;
int res = 1; int res;
#ifndef USE_SSL /* not a good solution, but better than nothing */
res = recv(MyProcPort->sock, &x, 1, MSG_PEEK); res = recv(MyProcPort->sock, &x, 1, MSG_PEEK);
if (res < 0) if (res < 0)
...@@ -723,8 +713,6 @@ pq_eof(void) ...@@ -723,8 +713,6 @@ pq_eof(void)
elog(COMMERROR, "pq_eof: recv() failed: %m"); elog(COMMERROR, "pq_eof: recv() failed: %m");
return EOF; return EOF;
} }
#endif /* USE_SSL */
if (res == 0) if (res == 0)
return EOF; return EOF;
else else
......
...@@ -37,7 +37,7 @@ ...@@ -37,7 +37,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.277 2002/06/14 03:56:47 momjian Exp $ * $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.278 2002/06/14 04:09:36 momjian Exp $
* *
* NOTES * NOTES
* *
...@@ -165,6 +165,10 @@ static int ServerSock_INET = INVALID_SOCK; /* stream socket server */ ...@@ -165,6 +165,10 @@ static int ServerSock_INET = INVALID_SOCK; /* stream socket server */
static int ServerSock_UNIX = INVALID_SOCK; /* stream socket server */ static int ServerSock_UNIX = INVALID_SOCK; /* stream socket server */
#endif #endif
#ifdef USE_SSL
static SSL_CTX *SSL_context = NULL; /* Global SSL context */
#endif
/* /*
* Set by the -o option * Set by the -o option
*/ */
...@@ -270,10 +274,8 @@ __attribute__((format(printf, 1, 2))); ...@@ -270,10 +274,8 @@ __attribute__((format(printf, 1, 2)));
#define ShutdownDataBase() SSDataBase(BS_XLOG_SHUTDOWN) #define ShutdownDataBase() SSDataBase(BS_XLOG_SHUTDOWN)
#ifdef USE_SSL #ifdef USE_SSL
extern int initialize_ctx(const char *, void (*err)(const char *fmt,...)); static void InitSSL(void);
extern void destroy_ctx(void); static const char *SSLerrmessage(void);
extern int open_SSL_server(Port *);
extern void close_SSL(Port *);
#endif #endif
...@@ -607,10 +609,7 @@ PostmasterMain(int argc, char *argv[]) ...@@ -607,10 +609,7 @@ PostmasterMain(int argc, char *argv[])
ExitPostmaster(1); ExitPostmaster(1);
} }
if (EnableSSL) if (EnableSSL)
{ InitSSL();
if (initialize_ctx(NULL, postmaster_error) == -1)
ExitPostmaster(1);
}
#endif #endif
/* /*
...@@ -1115,9 +1114,13 @@ ProcessStartupPacket(Port *port, bool SSLdone) ...@@ -1115,9 +1114,13 @@ ProcessStartupPacket(Port *port, bool SSLdone)
#ifdef USE_SSL #ifdef USE_SSL
if (SSLok == 'S') if (SSLok == 'S')
{ {
if (open_SSL_server(port) != STATUS_OK) if (!(port->ssl = SSL_new(SSL_context)) ||
!SSL_set_fd(port->ssl, port->sock) ||
SSL_accept(port->ssl) <= 0)
{ {
elog(LOG, "failed to initialize SSL connection: %s (%m)",
SSLerrmessage());
return STATUS_ERROR; return STATUS_ERROR;
} }
} }
...@@ -1319,10 +1322,9 @@ static void ...@@ -1319,10 +1322,9 @@ static void
ConnFree(Port *conn) ConnFree(Port *conn)
{ {
#ifdef USE_SSL #ifdef USE_SSL
close_SSL(conn); if (conn->ssl)
SSL_free(conn->ssl);
#endif #endif
if (conn->sock != -1)
close(conn->sock);
free(conn); free(conn);
} }
...@@ -2422,6 +2424,72 @@ CountChildren(void) ...@@ -2422,6 +2424,72 @@ CountChildren(void)
return cnt; return cnt;
} }
#ifdef USE_SSL
/*
* Initialize SSL library and structures
*/
static void
InitSSL(void)
{
char fnbuf[2048];
SSL_load_error_strings();
SSL_library_init();
SSL_context = SSL_CTX_new(SSLv23_method());
if (!SSL_context)
{
postmaster_error("failed to create SSL context: %s",
SSLerrmessage());
ExitPostmaster(1);
}
snprintf(fnbuf, sizeof(fnbuf), "%s/server.crt", DataDir);
if (!SSL_CTX_use_certificate_file(SSL_context, fnbuf, SSL_FILETYPE_PEM))
{
postmaster_error("failed to load server certificate (%s): %s",
fnbuf, SSLerrmessage());
ExitPostmaster(1);
}
snprintf(fnbuf, sizeof(fnbuf), "%s/server.key", DataDir);
if (!SSL_CTX_use_PrivateKey_file(SSL_context, fnbuf, SSL_FILETYPE_PEM))
{
postmaster_error("failed to load private key file (%s): %s",
fnbuf, SSLerrmessage());
ExitPostmaster(1);
}
if (!SSL_CTX_check_private_key(SSL_context))
{
postmaster_error("check of private key failed: %s",
SSLerrmessage());
ExitPostmaster(1);
}
}
/*
* Obtain reason string for last SSL error
*
* Some caution is needed here since ERR_reason_error_string will
* return NULL if it doesn't recognize the error code. We don't
* want to return NULL ever.
*/
static const char *
SSLerrmessage(void)
{
unsigned long errcode;
const char *errreason;
static char errbuf[32];
errcode = ERR_get_error();
if (errcode == 0)
return "No SSL error reported";
errreason = ERR_reason_error_string(errcode);
if (errreason != NULL)
return errreason;
snprintf(errbuf, sizeof(errbuf), "SSL error code %lu", errcode);
return errbuf;
}
#endif /* USE_SSL */
/* /*
* Fire off a subprocess for startup/shutdown/checkpoint. * Fire off a subprocess for startup/shutdown/checkpoint.
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
* *
* Copyright 2000 by PostgreSQL Global Development Group * Copyright 2000 by PostgreSQL Global Development Group
* *
* $Header: /cvsroot/pgsql/src/bin/psql/startup.c,v 1.58 2002/06/14 03:56:47 momjian Exp $ * $Header: /cvsroot/pgsql/src/bin/psql/startup.c,v 1.59 2002/06/14 04:09:36 momjian Exp $
*/ */
#include "postgres_fe.h" #include "postgres_fe.h"
...@@ -678,33 +678,14 @@ printSSLInfo(void) ...@@ -678,33 +678,14 @@ printSSLInfo(void)
{ {
int sslbits = -1; int sslbits = -1;
SSL *ssl; SSL *ssl;
X509 *peer;
char sn[256];
long l;
ssl = PQgetssl(pset.db); ssl = PQgetssl(pset.db);
if (!ssl) if (!ssl)
return; /* no SSL */ return; /* no SSL */
/* peer = pset.db.peer; */
if ((peer = SSL_get_peer_certificate(ssl)) != NULL)
{
X509_NAME_oneline(X509_get_subject_name(peer), sn, sizeof sn);
}
else
{
strncpy(sn, "(anonymous)", sizeof sn);
}
printf(gettext("SSL connection\n"));
printf(gettext("(host: %s)\n"), sn);
SSL_get_cipher_bits(ssl, &sslbits); SSL_get_cipher_bits(ssl, &sslbits);
printf(gettext("(protocol: %s)\n"), SSL_get_version(ssl)), printf(gettext("SSL connection (cipher: %s, bits: %i)\n\n"),
printf(gettext("(cipher: %s, bits: %i)\n"),
SSL_get_cipher(ssl), sslbits); SSL_get_cipher(ssl), sslbits);
l = SSL_get_default_timeout(ssl);
printf(gettext("(timeout: %ld:%02ld:%02ld)\n\n"),
l / 3600L, (l / 60L) % 60L, l % 60L);
} }
#endif #endif
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California * Portions Copyright (c) 1994, Regents of the University of California
* *
* $Id: libpq-be.h,v 1.28 2002/06/14 03:56:47 momjian Exp $ * $Id: libpq-be.h,v 1.29 2002/06/14 04:09:37 momjian Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -70,7 +70,6 @@ typedef struct Port ...@@ -70,7 +70,6 @@ typedef struct Port
*/ */
#ifdef USE_SSL #ifdef USE_SSL
SSL *ssl; SSL *ssl;
X509 *peer;
#endif #endif
} Port; } Port;
......
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
# #
# Copyright (c) 1994, Regents of the University of California # Copyright (c) 1994, Regents of the University of California
# #
# $Header: /cvsroot/pgsql/src/interfaces/libpq/Makefile,v 1.60 2002/06/14 03:56:47 momjian Exp $ # $Header: /cvsroot/pgsql/src/interfaces/libpq/Makefile,v 1.61 2002/06/14 04:09:37 momjian Exp $
# #
#------------------------------------------------------------------------- #-------------------------------------------------------------------------
...@@ -20,7 +20,7 @@ SO_MINOR_VERSION= 2 ...@@ -20,7 +20,7 @@ SO_MINOR_VERSION= 2
override CPPFLAGS := -I$(srcdir) $(CPPFLAGS) -DFRONTEND -DSYSCONFDIR='"$(sysconfdir)"' override CPPFLAGS := -I$(srcdir) $(CPPFLAGS) -DFRONTEND -DSYSCONFDIR='"$(sysconfdir)"'
OBJS= fe-auth.o fe-connect.o fe-exec.o fe-misc.o fe-print.o fe-lobj.o \ OBJS= fe-auth.o fe-connect.o fe-exec.o fe-misc.o fe-print.o fe-lobj.o \
pqexpbuffer.o dllist.o md5.o pqsignal.o fe-ssl.o \ pqexpbuffer.o dllist.o md5.o pqsignal.o \
$(INET_ATON) $(SNPRINTF) $(STRERROR) $(INET_ATON) $(SNPRINTF) $(STRERROR)
ifdef MULTIBYTE ifdef MULTIBYTE
......
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.184 2002/06/14 03:56:47 momjian Exp $ * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.185 2002/06/14 04:09:37 momjian Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -62,6 +62,10 @@ inet_aton(const char *cp, struct in_addr * inp) ...@@ -62,6 +62,10 @@ inet_aton(const char *cp, struct in_addr * inp)
#endif #endif
#ifdef USE_SSL
static SSL_CTX *SSL_context = NULL;
#endif
#define NOTIFYLIST_INITIAL_SIZE 10 #define NOTIFYLIST_INITIAL_SIZE 10
#define NOTIFYLIST_GROWBY 10 #define NOTIFYLIST_GROWBY 10
...@@ -182,13 +186,8 @@ static char *conninfo_getval(PQconninfoOption *connOptions, ...@@ -182,13 +186,8 @@ static char *conninfo_getval(PQconninfoOption *connOptions,
static void defaultNoticeProcessor(void *arg, const char *message); static void defaultNoticeProcessor(void *arg, const char *message);
static int parseServiceInfo(PQconninfoOption *options, static int parseServiceInfo(PQconninfoOption *options,
PQExpBuffer errorMessage); PQExpBuffer errorMessage);
#ifdef USE_SSL #ifdef USE_SSL
extern int initialize_ctx(const char *passwd, void (*err)(const char *fmt,...), PGconn *); static const char *SSLerrmessage(void);
extern void destroy_ctx(PGconn *);
extern int open_SSL_client(PGconn *);
extern void close_SSL(PGconn *);
extern SSL *PQgetssl(PGconn *);
#endif #endif
...@@ -970,10 +969,28 @@ retry2: ...@@ -970,10 +969,28 @@ retry2:
} }
if (SSLok == 'S') if (SSLok == 'S')
{ {
if (initialize_ctx(NULL, NULL, conn) == -1) if (!SSL_context)
goto connect_errReturn; {
if (open_SSL_client(conn) == -1) SSL_load_error_strings();
SSL_library_init();
SSL_context = SSL_CTX_new(SSLv23_method());
if (!SSL_context)
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("could not create SSL context: %s\n"),
SSLerrmessage());
goto connect_errReturn;
}
}
if (!(conn->ssl = SSL_new(SSL_context)) ||
!SSL_set_fd(conn->ssl, conn->sock) ||
SSL_connect(conn->ssl) <= 0)
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("could not establish SSL connection: %s\n"),
SSLerrmessage());
goto connect_errReturn; goto connect_errReturn;
}
/* SSL connection finished. Continue to send startup packet */ /* SSL connection finished. Continue to send startup packet */
} }
else if (SSLok == 'E') else if (SSLok == 'E')
...@@ -998,7 +1015,7 @@ retry2: ...@@ -998,7 +1015,7 @@ retry2:
goto connect_errReturn; goto connect_errReturn;
} }
} }
if (conn->require_ssl && !PQgetssl(conn)) if (conn->require_ssl && !conn->ssl)
{ {
/* Require SSL, but server does not support/want it */ /* Require SSL, but server does not support/want it */
printfPQExpBuffer(&conn->errorMessage, printfPQExpBuffer(&conn->errorMessage,
...@@ -1897,7 +1914,8 @@ freePGconn(PGconn *conn) ...@@ -1897,7 +1914,8 @@ freePGconn(PGconn *conn)
return; return;
pqClearAsyncResult(conn); /* deallocate result and curTuple */ pqClearAsyncResult(conn); /* deallocate result and curTuple */
#ifdef USE_SSL #ifdef USE_SSL
close_SSL(conn); if (conn->ssl)
SSL_free(conn->ssl);
#endif #endif
if (conn->sock >= 0) if (conn->sock >= 0)
{ {
...@@ -2623,6 +2641,35 @@ PQconninfoFree(PQconninfoOption *connOptions) ...@@ -2623,6 +2641,35 @@ PQconninfoFree(PQconninfoOption *connOptions)
} }
#ifdef USE_SSL
/*
* Obtain reason string for last SSL error
*
* Some caution is needed here since ERR_reason_error_string will
* return NULL if it doesn't recognize the error code. We don't
* want to return NULL ever.
*/
static const char *
SSLerrmessage(void)
{
unsigned long errcode;
const char *errreason;
static char errbuf[32];
errcode = ERR_get_error();
if (errcode == 0)
return "No SSL error reported";
errreason = ERR_reason_error_string(errcode);
if (errreason != NULL)
return errreason;
snprintf(errbuf, sizeof(errbuf), "SSL error code %lu", errcode);
return errbuf;
}
#endif /* USE_SSL */
/* =========== accessor functions for PGconn ========= */ /* =========== accessor functions for PGconn ========= */
char * char *
PQdb(const PGconn *conn) PQdb(const PGconn *conn)
...@@ -2767,6 +2814,16 @@ PQsetClientEncoding(PGconn *conn, const char *encoding) ...@@ -2767,6 +2814,16 @@ PQsetClientEncoding(PGconn *conn, const char *encoding)
} }
#endif #endif
#ifdef USE_SSL
SSL *
PQgetssl(PGconn *conn)
{
if (!conn)
return NULL;
return conn->ssl;
}
#endif
void void
PQtrace(PGconn *conn, FILE *debug_port) PQtrace(PGconn *conn, FILE *debug_port)
{ {
......
...@@ -25,7 +25,7 @@ ...@@ -25,7 +25,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-misc.c,v 1.71 2002/06/14 03:56:47 momjian Exp $ * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-misc.c,v 1.72 2002/06/14 04:09:37 momjian Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -55,13 +55,6 @@ ...@@ -55,13 +55,6 @@
#include "mb/pg_wchar.h" #include "mb/pg_wchar.h"
#endif #endif
/* these functions are misnamed - they handle both SSL and non-SSL case */
extern ssize_t read_SSL (PGconn *, void *ptr, size_t);
extern ssize_t write_SSL (PGconn *, const void *ptr, size_t);
#ifdef USE_SSL
extern ssize_t close_SSL (PGconn *);
#endif
#define DONOTICE(conn,message) \ #define DONOTICE(conn,message) \
((*(conn)->noticeHook) ((conn)->noticeArg, (message))) ((*(conn)->noticeHook) ((conn)->noticeArg, (message)))
...@@ -484,8 +477,14 @@ pqReadData(PGconn *conn) ...@@ -484,8 +477,14 @@ pqReadData(PGconn *conn)
/* OK, try to read some data */ /* OK, try to read some data */
retry3: retry3:
nread = read_SSL(conn, conn->inBuffer + conn->inEnd, #ifdef USE_SSL
conn->inBufSize - conn->inEnd); if (conn->ssl)
nread = SSL_read(conn->ssl, conn->inBuffer + conn->inEnd,
conn->inBufSize - conn->inEnd);
else
#endif
nread = recv(conn->sock, conn->inBuffer + conn->inEnd,
conn->inBufSize - conn->inEnd, 0);
if (nread < 0) if (nread < 0)
{ {
if (SOCK_ERRNO == EINTR) if (SOCK_ERRNO == EINTR)
...@@ -564,8 +563,14 @@ retry3: ...@@ -564,8 +563,14 @@ retry3:
* arrived. * arrived.
*/ */
retry4: retry4:
nread = read_SSL(conn, conn->inBuffer + conn->inEnd, #ifdef USE_SSL
conn->inBufSize - conn->inEnd); if (conn->ssl)
nread = SSL_read(conn->ssl, conn->inBuffer + conn->inEnd,
conn->inBufSize - conn->inEnd);
else
#endif
nread = recv(conn->sock, conn->inBuffer + conn->inEnd,
conn->inBufSize - conn->inEnd, 0);
if (nread < 0) if (nread < 0)
{ {
if (SOCK_ERRNO == EINTR) if (SOCK_ERRNO == EINTR)
...@@ -606,9 +611,6 @@ definitelyFailed: ...@@ -606,9 +611,6 @@ definitelyFailed:
"\tThis probably means the server terminated abnormally\n" "\tThis probably means the server terminated abnormally\n"
"\tbefore or while processing the request.\n")); "\tbefore or while processing the request.\n"));
conn->status = CONNECTION_BAD; /* No more connection to backend */ conn->status = CONNECTION_BAD; /* No more connection to backend */
#ifdef USE_SSL
close_SSL(conn);
#endif
#ifdef WIN32 #ifdef WIN32
closesocket(conn->sock); closesocket(conn->sock);
#else #else
...@@ -648,9 +650,23 @@ pqSendSome(PGconn *conn) ...@@ -648,9 +650,23 @@ pqSendSome(PGconn *conn)
/* while there's still data to send */ /* while there's still data to send */
while (len > 0) while (len > 0)
{ {
/* Prevent being SIGPIPEd if backend has closed the connection. */
#ifndef WIN32
pqsigfunc oldsighandler = pqsignal(SIGPIPE, SIG_IGN);
#endif
int sent; int sent;
sent = write_SSL(conn, ptr, len); #ifdef USE_SSL
if (conn->ssl)
sent = SSL_write(conn->ssl, ptr, len);
else
#endif
sent = send(conn->sock, ptr, len, 0);
#ifndef WIN32
pqsignal(SIGPIPE, oldsighandler);
#endif
if (sent < 0) if (sent < 0)
{ {
...@@ -716,7 +732,7 @@ pqSendSome(PGconn *conn) ...@@ -716,7 +732,7 @@ pqSendSome(PGconn *conn)
*/ */
#ifdef USE_SSL #ifdef USE_SSL
/* can't do anything for our SSL users yet */ /* can't do anything for our SSL users yet */
if (PQgetssl(conn) == NULL) if (conn->ssl == NULL)
{ {
#endif #endif
if (pqIsnonblocking(conn)) if (pqIsnonblocking(conn))
......
This diff is collapsed.
...@@ -12,7 +12,7 @@ ...@@ -12,7 +12,7 @@
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California * Portions Copyright (c) 1994, Regents of the University of California
* *
* $Id: libpq-int.h,v 1.47 2002/06/14 03:56:47 momjian Exp $ * $Id: libpq-int.h,v 1.48 2002/06/14 04:09:37 momjian Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -270,7 +270,6 @@ struct pg_conn ...@@ -270,7 +270,6 @@ struct pg_conn
bool allow_ssl_try; /* Allowed to try SSL negotiation */ bool allow_ssl_try; /* Allowed to try SSL negotiation */
bool require_ssl; /* Require SSL to make connection */ bool require_ssl; /* Require SSL to make connection */
SSL *ssl; /* SSL status, if have SSL connection */ SSL *ssl; /* SSL status, if have SSL connection */
X509 *peer; /* server certificate */
#endif #endif
/* Buffer for current error message */ /* Buffer for current error message */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment