diff options
| author | Magnus Hagander <magnus@hagander.net> | 2009-01-28 15:06:51 +0000 |
|---|---|---|
| committer | Magnus Hagander <magnus@hagander.net> | 2009-01-28 15:06:51 +0000 |
| commit | 5ecd9dc75a3dd9c2154be94250361878896fc43c (patch) | |
| tree | 7b01a22753b431199e4fa73aa38b4f33d6aec37f | |
| parent | 473b40d23e5e1699672c3d7f21e36b8da5d355a5 (diff) | |
| download | postgresql-5ecd9dc75a3dd9c2154be94250361878896fc43c.tar.gz | |
Go over all OpenSSL return values and make sure we compare them
to the documented API value. The previous code got it right as
it's implemented, but accepted too much/too little compared to
the API documentation.
Per comment from Zdenek Kotala.
| -rw-r--r-- | src/backend/libpq/be-secure.c | 10 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-secure.c | 6 |
2 files changed, 8 insertions, 8 deletions
diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c index 09019c3f0f..541ab91f39 100644 --- a/src/backend/libpq/be-secure.c +++ b/src/backend/libpq/be-secure.c @@ -11,7 +11,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.56.4.3 2007/05/18 01:20:40 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.56.4.4 2009/01/28 15:06:50 mha Exp $ * * Since the server static private key ($DataDir/server.key) * will normally be stored unencrypted so that the database @@ -715,7 +715,7 @@ initialize_SSL(void) * Load and verify certificate and private key */ snprintf(fnbuf, sizeof(fnbuf), "%s/server.crt", DataDir); - if (!SSL_CTX_use_certificate_file(SSL_context, fnbuf, SSL_FILETYPE_PEM)) + if (SSL_CTX_use_certificate_file(SSL_context, fnbuf, SSL_FILETYPE_PEM) != 1) ereport(FATAL, (errcode(ERRCODE_CONFIG_FILE_ERROR), errmsg("could not load server certificate file \"%s\": %s", @@ -746,12 +746,12 @@ initialize_SSL(void) errdetail("File must be owned by the database user and must have no permissions for \"group\" or \"other\"."))); #endif - if (!SSL_CTX_use_PrivateKey_file(SSL_context, fnbuf, SSL_FILETYPE_PEM)) + if (SSL_CTX_use_PrivateKey_file(SSL_context, fnbuf, SSL_FILETYPE_PEM) != 1) ereport(FATAL, (errmsg("could not load private key file \"%s\": %s", fnbuf, SSLerrmessage()))); - if (!SSL_CTX_check_private_key(SSL_context)) + if (SSL_CTX_check_private_key(SSL_context) != 1) ereport(FATAL, (errmsg("check of private key failed: %s", SSLerrmessage()))); @@ -769,7 +769,7 @@ initialize_SSL(void) * Require and check client certificates only if we have a root.crt file. */ snprintf(fnbuf, sizeof(fnbuf), "%s/root.crt", DataDir); - if (!SSL_CTX_load_verify_locations(SSL_context, fnbuf, NULL)) + if (SSL_CTX_load_verify_locations(SSL_context, fnbuf, NULL) != 1) { /* Not fatal - we do not require client certificates */ ereport(LOG, diff --git a/src/interfaces/libpq/fe-secure.c b/src/interfaces/libpq/fe-secure.c index c681dccf5c..0ca7de14c9 100644 --- a/src/interfaces/libpq/fe-secure.c +++ b/src/interfaces/libpq/fe-secure.c @@ -11,7 +11,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.67 2005/01/10 00:37:12 tgl Exp $ + * $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.67.4.1 2009/01/28 15:06:51 mha Exp $ * * NOTES * [ Most of these notes are wrong/obsolete, but perhaps not all ] @@ -856,7 +856,7 @@ client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey) fclose(fp); /* verify that the cert and key go together */ - if (!X509_check_private_key(*x509, *pkey)) + if (X509_check_private_key(*x509, *pkey) != 1) { char *err = SSLerrmessage(); @@ -978,7 +978,7 @@ initialize_SSL(PGconn *conn) snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, ROOTCERTFILE); if (stat(fnbuf, &buf) == 0) { - if (!SSL_CTX_load_verify_locations(SSL_context, fnbuf, NULL)) + if (SSL_CTX_load_verify_locations(SSL_context, fnbuf, NULL) != 1) { char *err = SSLerrmessage(); |