authorHeikki Linnakangas <heikki.linnakangas@iki.fi>2015-02-03 19:57:52 +0200
committerHeikki Linnakangas <heikki.linnakangas@iki.fi>2015-02-03 19:57:52 +0200
commit91fa7b4719ac583420d9143132ba4ccddefbc5b2 (patch)
tree63e014f91cb23165532517ffc6794afdb11a710f /src/bin
parent809d9a260b5d068a6a366273cd724bf9b396b026 (diff)
Add API functions to libpq to interrogate SSL related stuff.
This makes it possible to query for things like the SSL version and cipher used, without depending on OpenSSL functions or macros. That is a good thing if we ever get another SSL implementation. PQgetssl() still works, but it should be considered as deprecated as it only works with OpenSSL. In particular, PQgetSslInUse() should be used to check if a connection uses SSL, because as soon as we have another implementation, PQgetssl() will return NULL even if SSL is in use.
Diffstat (limited to 'src/bin')
-rw-r--r--src/bin/psql/command.c35
1 files changed, 14 insertions, 21 deletions
diff --git a/src/bin/psql/command.c b/src/bin/psql/command.c
index 4ac21f20bf..7c9f28dee0 100644
--- a/src/bin/psql/command.c
+++ b/src/bin/psql/command.c
@@ -30,9 +30,6 @@
#include <sys/types.h> /* for umask() */
#include <sys/stat.h> /* for stat() */
#endif
-#ifdef USE_OPENSSL
-#include <openssl/ssl.h>
-#endif
#include "portability/instr_time.h"
@@ -1815,28 +1812,24 @@ connection_warnings(bool in_startup)
static void
printSSLInfo(void)
{
-#ifdef USE_OPENSSL
- int sslbits = -1;
- SSL *ssl;
+ const char *protocol;
+ const char *cipher;
+ const char *bits;
+ const char *compression;
- ssl = PQgetssl(pset.db);
- if (!ssl)
+ if (!PQsslInUse(pset.db))
return; /* no SSL */
- SSL_get_cipher_bits(ssl, &sslbits);
- printf(_("SSL connection (protocol: %s, cipher: %s, bits: %d, compression: %s)\n"),
- SSL_get_version(ssl), SSL_get_cipher(ssl), sslbits,
- SSL_get_current_compression(ssl) ? _("on") : _("off"));
-#else
+ protocol = PQsslAttribute(pset.db, "protocol");
+ cipher = PQsslAttribute(pset.db, "cipher");
+ bits = PQsslAttribute(pset.db, "key_bits");
+ compression = PQsslAttribute(pset.db, "compression");
- /*
- * If psql is compiled without SSL but is using a libpq with SSL, we
- * cannot figure out the specifics about the connection. But we know it's
- * SSL secured.
- */
- if (PQgetssl(pset.db))
- printf(_("SSL connection (unknown cipher)\n"));
-#endif
+ printf(_("SSL connection (protocol: %s, cipher: %s, bits: %s, compression: %s)\n"),
+ protocol ? protocol : _("unknown"),
+ cipher ? cipher : _("unknown"),
+ bits ? bits : _("unknown"),
+ (compression && strcmp(compression, "off") != 0) ? _("on") : _("off"));
}
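Review bot: In the last printf argument of printSSLInfo, a NULL `compression` falls through to `_("off")`, while protocol, cipher and bits each print `_("unknown")` when their attribute is missing. Users read this banner to confirm that TLS compression is disabled, so printing "off" when the state was simply not reported gives false assurance. Consider `compression ? (strcmp(compression, "off") != 0 ? _("on") : _("off")) : _("unknown")`. Whether PQsslAttribute can actually return NULL for "compression" on an SSL connection is not visible in this hunk, but the neighbouring NULL checks suggest the caller is expected to handle it.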