libpq: Fix SNI host handling
Fix handling of a NULL host name (which can happen when hostaddr is used). It previously crashed. Also, we should look at connhost, not pghost, to handle multi-host specifications. Also remove an unnecessary SSL_CTX_free(). Reported-by: Jacob Champion <pchampion@vmware.com> Reviewed-by: Michael Paquier <michael@paquier.xyz> Discussion: https://www.postgresql.org/message-id/504c276ab6eee000bb23d571ea9b0ced4250774e.camel@vmware.com
parent
eab8195368
commit
37e1cce4dd
|
@ -1087,20 +1087,24 @@ initialize_SSL(PGconn *conn)
|
|||
* Per RFC 6066, do not set it if the host is a literal IP address (IPv4
|
||||
* or IPv6).
|
||||
*/
|
||||
if (conn->sslsni && conn->sslsni[0] &&
|
||||
!(strspn(conn->pghost, "0123456789.") == strlen(conn->pghost) ||
|
||||
strchr(conn->pghost, ':')))
|
||||
if (conn->sslsni && conn->sslsni[0])
|
||||
{
|
||||
if (SSL_set_tlsext_host_name(conn->ssl, conn->pghost) != 1)
|
||||
{
|
||||
char *err = SSLerrmessage(ERR_get_error());
|
||||
const char *host = conn->connhost[conn->whichhost].host;
|
||||
|
||||
appendPQExpBuffer(&conn->errorMessage,
|
||||
libpq_gettext("could not set SSL Server Name Indication (SNI): %s\n"),
|
||||
err);
|
||||
SSLerrfree(err);
|
||||
SSL_CTX_free(SSL_context);
|
||||
return -1;
|
||||
if (host && host[0] &&
|
||||
!(strspn(host, "0123456789.") == strlen(host) ||
|
||||
strchr(host, ':')))
|
||||
{
|
||||
if (SSL_set_tlsext_host_name(conn->ssl, host) != 1)
|
||||
{
|
||||
char *err = SSLerrmessage(ERR_get_error());
|
||||
|
||||
appendPQExpBuffer(&conn->errorMessage,
|
||||
libpq_gettext("could not set SSL Server Name Indication (SNI): %s\n"),
|
||||
err);
|
||||
SSLerrfree(err);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
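Review bot: The nested `if (host && host[0] && ...)` test silently skips SNI when the selected `connhost` entry has no host name, but the visible comment above it still documents only the RFC 6066 IP-literal case. I would extend that comment with a line such as `* Also skip SNI when no host name is available, e.g. when only hostaddr was given.`, so a reader knows the handshake then carries no server_name and the server presumably falls back to its default certificate. A short remark that the `strspn(host, "0123456789.")` / `strchr(host, ':')` check is a textual heuristic rather than an address parse would also help, since any name made only of digits and dots is treated as an address. initialize_SSL starts and ends outside this hunk, so the opening of that comment is not visible here.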