Make Port->ssl_in_use available, even when built with !USE_SSL
Code that check the flag no longer need #ifdef's, which is more convenient. In particular, makes it easier to write extensions that depend on it. In the passing, modify sslinfo's ssl_is_used function to check ssl_in_use instead of the OpenSSL specific 'ssl' pointer. It doesn't make any difference currently, as sslinfo is only compiled when built with OpenSSL, but seems cleaner anyway.
This commit is contained in:
parent
f5d9698a84
commit
e453cc2741
|
@ -35,7 +35,7 @@ PG_FUNCTION_INFO_V1(ssl_is_used);
|
|||
Datum
|
||||
ssl_is_used(PG_FUNCTION_ARGS)
|
||||
{
|
||||
PG_RETURN_BOOL(MyProcPort->ssl != NULL);
|
||||
PG_RETURN_BOOL(MyProcPort->ssl_in_use);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -925,15 +925,13 @@ parse_hba_line(List *line, int line_num, char *raw_line)
|
|||
return NULL;
|
||||
#endif
|
||||
}
|
||||
#ifdef USE_SSL
|
||||
else if (token->string[4] == 'n') /* "hostnossl" */
|
||||
{
|
||||
parsedline->conntype = ctHostNoSSL;
|
||||
}
|
||||
#endif
|
||||
else
|
||||
{
|
||||
/* "host", or "hostnossl" and SSL support not built in */
|
||||
/* "host" */
|
||||
parsedline->conntype = ctHost;
|
||||
}
|
||||
} /* record type */
|
||||
|
@ -1684,7 +1682,6 @@ check_hba(hbaPort *port)
|
|||
continue;
|
||||
|
||||
/* Check SSL state */
|
||||
#ifdef USE_SSL
|
||||
if (port->ssl_in_use)
|
||||
{
|
||||
/* Connection is SSL, match both "host" and "hostssl" */
|
||||
|
@ -1697,11 +1694,6 @@ check_hba(hbaPort *port)
|
|||
if (hba->conntype == ctHostSSL)
|
||||
continue;
|
||||
}
|
||||
#else
|
||||
/* No SSL support, so reject "hostssl" lines */
|
||||
if (hba->conntype == ctHostSSL)
|
||||
continue;
|
||||
#endif
|
||||
|
||||
/* Check IP address */
|
||||
switch (hba->ip_cmp_method)
|
||||
|
|
|
@ -184,14 +184,16 @@ typedef struct Port
|
|||
#endif
|
||||
|
||||
/*
|
||||
* SSL structures (keep these last so that the locations of other fields
|
||||
* are the same whether or not you build with SSL)
|
||||
* SSL structures.
|
||||
*/
|
||||
#ifdef USE_SSL
|
||||
bool ssl_in_use;
|
||||
char *peer_cn;
|
||||
bool peer_cert_valid;
|
||||
#endif
|
||||
|
||||
/*
|
||||
* OpenSSL structures. (Keep these last so that the locations of other
|
||||
* fields are the same whether or not you build with OpenSSL.)
|
||||
*/
|
||||
#ifdef USE_OPENSSL
|
||||
SSL *ssl;
|
||||
X509 *peer;
|
||||
|
|
Loading…
Reference in New Issue