diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index 02601da6c8..e1ddfb3c16 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -1047,22 +1047,22 @@ be_tls_get_compression(Port *port)
 return false;
 }
 
-void
-be_tls_get_version(Port *port, char *ptr, size_t len)
+const char *
+be_tls_get_version(Port *port)
 {
 if (port->ssl)
- strlcpy(ptr, SSL_get_version(port->ssl), len);
+ return SSL_get_version(port->ssl);
 else
- ptr[0] = '\0';
+ return NULL;
 }
 
-void
-be_tls_get_cipher(Port *port, char *ptr, size_t len)
+const char *
+be_tls_get_cipher(Port *port)
 {
 if (port->ssl)
- strlcpy(ptr, SSL_get_cipher(port->ssl), len);
+ return SSL_get_cipher(port->ssl);
 else
- ptr[0] = '\0';
+ return NULL;
 }
 
 void
diff --git a/src/backend/postmaster/pgstat.c b/src/backend/postmaster/pgstat.c
index d13011454c..605b1832be 100644
--- a/src/backend/postmaster/pgstat.c
+++ b/src/backend/postmaster/pgstat.c
@@ -2909,8 +2909,8 @@ pgstat_bestart(void)
 beentry->st_ssl = true;
 beentry->st_sslstatus->ssl_bits = be_tls_get_cipher_bits(MyProcPort);
 beentry->st_sslstatus->ssl_compression = be_tls_get_compression(MyProcPort);
- be_tls_get_version(MyProcPort, beentry->st_sslstatus->ssl_version, NAMEDATALEN);
- be_tls_get_cipher(MyProcPort, beentry->st_sslstatus->ssl_cipher, NAMEDATALEN);
+ strlcpy(beentry->st_sslstatus->ssl_version, be_tls_get_version(MyProcPort), NAMEDATALEN);
+ strlcpy(beentry->st_sslstatus->ssl_cipher, be_tls_get_cipher(MyProcPort), NAMEDATALEN);
 be_tls_get_peerdn_name(MyProcPort, beentry->st_sslstatus->ssl_clientdn, NAMEDATALEN);
 }
 else
diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c
index f9b330998d..484628987f 100644
--- a/src/backend/utils/init/postinit.c
+++ b/src/backend/utils/init/postinit.c
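Review bot: be_tls_get_version() and be_tls_get_cipher() now return NULL when port->ssl is unset, where the old versions wrote an empty string, and none of the converted callers checks for it. In pgstat.c the result goes straight into strlcpy() as the source, and in both postinit.c hunks it is passed as a `%s` argument under a `port->ssl_in_use` test rather than a `port->ssl` test. The enclosing guard in pgstat_bestart() lies outside the hunk, so the NULL case may be unreachable today, but nothing in the new code enforces that. I would make the callers tolerate NULL, e.g. `const char *v = be_tls_get_version(MyProcPort);` followed by `strlcpy(beentry->st_sslstatus->ssl_version, v ? v : "", NAMEDATALEN);`, and do the same for the cipher name and for the two log calls.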
@@ -246,12 +246,15 @@ PerformAuthentication(Port *port)
 {
 if (am_walsender)
 {
-#ifdef USE_OPENSSL
+#ifdef USE_SSL
 if (port->ssl_in_use)
 ereport(LOG,
- (errmsg("replication connection authorized: user=%s SSL enabled (protocol=%s, cipher=%s, compression=%s)",
- port->user_name, SSL_get_version(port->ssl), SSL_get_cipher(port->ssl),
- SSL_get_current_compression(port->ssl) ? _("on") : _("off"))));
+ (errmsg("replication connection authorized: user=%s SSL enabled (protocol=%s, cipher=%s, bits=%d, compression=%s)",
+ port->user_name,
+ be_tls_get_version(port),
+ be_tls_get_cipher(port),
+ be_tls_get_cipher_bits(port),
+ be_tls_get_compression(port) ? _("on") : _("off"))));
 else
 #endif
 ereport(LOG,
@@ -260,12 +263,15 @@ PerformAuthentication(Port *port)
 }
 else
 {
-#ifdef USE_OPENSSL
+#ifdef USE_SSL
 if (port->ssl_in_use)
 ereport(LOG,
- (errmsg("connection authorized: user=%s database=%s SSL enabled (protocol=%s, cipher=%s, compression=%s)",
- port->user_name, port->database_name, SSL_get_version(port->ssl), SSL_get_cipher(port->ssl),
- SSL_get_current_compression(port->ssl) ? _("on") : _("off"))));
+ (errmsg("connection authorized: user=%s database=%s SSL enabled (protocol=%s, cipher=%s, bits=%d, compression=%s)",
+ port->user_name, port->database_name,
+ be_tls_get_version(port),
+ be_tls_get_cipher(port),
+ be_tls_get_cipher_bits(port),
+ be_tls_get_compression(port) ? _("on") : _("off"))));
 else
 #endif
 ereport(LOG,
diff --git a/src/include/libpq/libpq-be.h b/src/include/libpq/libpq-be.h
index 584f794b9e..7698cd1f88 100644
--- a/src/include/libpq/libpq-be.h
+++ b/src/include/libpq/libpq-be.h
@@ -256,8 +256,8 @@ extern ssize_t be_tls_write(Port *port, void *ptr, size_t len, int *waitfor);
 */
 extern int be_tls_get_cipher_bits(Port *port);
 extern bool be_tls_get_compression(Port *port);
-extern void be_tls_get_version(Port *port, char *ptr, size_t len);
-extern void be_tls_get_cipher(Port *port, char *ptr, size_t len);
+extern const char *be_tls_get_version(Port *port);
+extern const char *be_tls_get_cipher(Port *port);
 extern void be_tls_get_peerdn_name(Port *port, char *ptr, size_t len);
 
 /*
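Review bot: The two prototypes now hand back a pointer instead of filling a caller-supplied buffer, but the header does not say who owns the returned string or that the result can be NULL. Because the postinit.c callers are now compiled under USE_SSL rather than USE_OPENSSL, any other TLS backend would have to honour the same contract, so it should be written down next to the declarations, for example `/* be_tls_get_version() and be_tls_get_cipher() return a string owned by the TLS library, or NULL if the connection has no SSL state; do not modify or free it. */`. The comment block that closes on the first context line begins outside the hunk, so I cannot tell whether it already covers part of this.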