Skip to content

Commit ebc8b7d

Browse files
danielgustafssondanielgustafsson
committed
Enable SSL library detection via PQsslAttribute()
Currently, libpq client code must have a connection handle before it can query the "library" SSL attribute. This poses problems if the client needs to know what SSL library is in use before constructing a connection string. Allow PQsslAttribute(NULL, "library") to return the library in use -- currently, just "OpenSSL" or NULL. The new behavior is announced with the LIBPQ_HAS_SSL_LIBRARY_DETECTION feature macro, allowing clients to differentiate between a libpq that was compiled without SSL support and a libpq that's just too old to tell. Author: Jacob Champion <pchampion@vmware.com> Reviewed-by: Robert Haas <robertmhaas@gmail.com> Reviewed-by: Daniel Gustafsson <daniel@yesql.se> Discussion: https://postgr.es/m/4c8b76ef434a96627170a31c3acd33cbfd6e41f1.camel@vmware.com
1 parent 8cd7627 commit ebc8b7d

File tree

8 files changed

+75
-4
lines changed

8 files changed

+75
-4
lines changed

doc/src/sgml/libpq.sgml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2581,6 +2581,16 @@ const char *PQsslAttribute(const PGconn *conn, const char *attribute_name);
25812581
</varlistentry>
25822582
</variablelist>
25832583
</para>
2584+
2585+
<para>
2586+
As a special case, the <literal>library</literal> attribute may be
2587+
queried without an existing connection by passing NULL as the
2588+
<literal>conn</literal> argument. The historical behavior was to return
2589+
NULL for any attribute when a NULL <literal>conn</literal> was provided;
2590+
client programs needing to differentiate between the newer and older
2591+
implementations may check the
2592+
<literal>LIBPQ_HAS_SSL_LIBRARY_DETECTION</literal> feature macro.
2593+
</para>
25842594
</listitem>
25852595
</varlistentry>
25862596

src/interfaces/libpq/Makefile

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ subdir = src/interfaces/libpq
1313
top_builddir = ../../..
1414
include $(top_builddir)/src/Makefile.global
1515

16+
export with_ssl
1617

1718
PGFILEDESC = "PostgreSQL Access Library"
1819

src/interfaces/libpq/fe-secure-openssl.c

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1631,14 +1631,14 @@ PQsslAttributeNames(PGconn *conn)
16311631
const char *
16321632
PQsslAttribute(PGconn *conn, const char *attribute_name)
16331633
{
1634+
if (strcmp(attribute_name, "library") == 0)
1635+
return "OpenSSL";
1636+
16341637
if (!conn)
16351638
return NULL;
16361639
if (conn->ssl == NULL)
16371640
return NULL;
16381641

1639-
if (strcmp(attribute_name, "library") == 0)
1640-
return "OpenSSL";
1641-
16421642
if (strcmp(attribute_name, "key_bits") == 0)
16431643
{
16441644
static char sslbits_str[12];

src/interfaces/libpq/libpq-fe.h

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,8 @@ extern "C"
3636
#define LIBPQ_HAS_PIPELINING 1
3737
/* Indicates presence of PQsetTraceFlags; also new PQtrace output format */
3838
#define LIBPQ_HAS_TRACE_FLAGS 1
39+
/* Indicates that PQsslAttribute(NULL, "library") is useful */
40+
#define LIBPQ_HAS_SSL_LIBRARY_DETECTION 1
3941

4042
/*
4143
* Option flags for PQcopyResult

src/interfaces/libpq/t/002_api.pl

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
# Copyright (c) 2022, PostgreSQL Global Development Group
2+
use strict;
3+
use warnings;
4+
5+
use PostgreSQL::Test::Utils;
6+
use Test::More;
7+
8+
# Test PQsslAttribute(NULL, "library")
9+
my ($out, $err) = run_command(['testclient', '--ssl']);
10+
11+
if ($ENV{with_ssl} eq 'openssl')
12+
{
13+
is($out, 'OpenSSL', 'PQsslAttribute(NULL, "library") returns "OpenSSL"');
14+
}
15+
else
16+
{
17+
is($err, 'SSL is not enabled', 'PQsslAttribute(NULL, "library") returns NULL');
18+
}
19+
20+
done_testing();

src/interfaces/libpq/test/.gitignore

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1 +1,2 @@
1+
/testclient
12
/uri-regress

src/interfaces/libpq/test/Makefile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ endif
1111
override CPPFLAGS := -I$(libpq_srcdir) $(CPPFLAGS)
1212
LDFLAGS_INTERNAL += $(libpq_pgport)
1313

14-
PROGS = uri-regress
14+
PROGS = testclient uri-regress
1515

1616
all: $(PROGS)
1717

src/interfaces/libpq/test/testclient.c

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
/*
2+
* testclient.c
3+
* A test program for the libpq public API
4+
*
5+
* Copyright (c) 2022, PostgreSQL Global Development Group
6+
*
7+
* IDENTIFICATION
8+
* src/interfaces/libpq/test/testclient.c
9+
*/
10+
11+
#include "postgres_fe.h"
12+
13+
#include "libpq-fe.h"
14+
15+
static void
16+
print_ssl_library()
17+
{
18+
const char *lib = PQsslAttribute(NULL, "library");
19+
20+
if (!lib)
21+
fprintf(stderr, "SSL is not enabled\n");
22+
else
23+
printf("%s\n", lib);
24+
}
25+
26+
int
27+
main(int argc, char *argv[])
28+
{
29+
if ((argc > 1) && !strcmp(argv[1], "--ssl"))
30+
{
31+
print_ssl_library();
32+
return 0;
33+
}
34+
35+
printf("currently only --ssl is supported\n");
36+
return 1;
37+
}

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy