Diffstat (limited to 'src/backend/libpq/be-secure.c')
-rw-r--r-- | src/backend/libpq/be-secure.c | 70 |
1 files changed, 35 insertions, 35 deletions
diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c
index 01dc4f1af0..a2404ebd38 100644
--- a/src/backend/libpq/be-secure.c
+++ b/src/backend/libpq/be-secure.c
@@ -11,7 +11,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.58 2005/07/04 04:51:46 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.59 2005/10/15 02:49:17 momjian Exp $ * * Since the server static private key ($DataDir/server.key) * will normally be stored unencrypted so that the database
@@ -103,7 +103,7 @@ #define ROOT_CERT_FILE "root.crt" #define SERVER_CERT_FILE "server.crt" -#define SERVER_PRIVATE_KEY_FILE "server.key" +#define SERVER_PRIVATE_KEY_FILE "server.key" static DH *load_dh_file(int keylength); static DH *load_dh_buffer(const char *, size_t);
@@ -276,8 +276,8 @@ rloop: case SSL_ERROR_WANT_WRITE: #ifdef WIN32 pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl), - (err==SSL_ERROR_WANT_READ) ? - FD_READ|FD_CLOSE : FD_WRITE|FD_CLOSE); + (err == SSL_ERROR_WANT_READ) ? + FD_READ | FD_CLOSE : FD_WRITE | FD_CLOSE); #endif goto rloop; case SSL_ERROR_SYSCALL:
@@ -353,7 +353,7 @@ secure_write(Port *port, void *ptr, size_t len) if (port->ssl->state != SSL_ST_OK) ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), - errmsg("SSL failed to send renegotiation request"))); + errmsg("SSL failed to send renegotiation request"))); port->ssl->state |= SSL_ST_ACCEPT; SSL_do_handshake(port->ssl); if (port->ssl->state != SSL_ST_OK)
@@ -375,8 +375,8 @@ wloop: case SSL_ERROR_WANT_WRITE: #ifdef WIN32 pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl), - (err==SSL_ERROR_WANT_READ) ? - FD_READ|FD_CLOSE : FD_WRITE|FD_CLOSE); + (err == SSL_ERROR_WANT_READ) ? + FD_READ | FD_CLOSE : FD_WRITE | FD_CLOSE); #endif goto wloop; case SSL_ERROR_SYSCALL:
@@ -439,12 +439,12 @@ wloop: static bool my_bio_initialized = false; static BIO_METHOD my_bio_methods; -static int (*std_sock_read) (BIO *h, char *buf, int size); +static int (*std_sock_read) (BIO *h, char *buf, int size); static int my_sock_read(BIO *h, char *buf, int size) { - int res; + int res; prepare_for_client_read();
@@ -472,21 +472,21 @@ my_BIO_s_socket(void) static int my_SSL_set_fd(SSL *s, int fd) { - int ret=0; - BIO *bio=NULL; + int ret = 0; + BIO *bio = NULL; - bio=BIO_new(my_BIO_s_socket()); + bio = BIO_new(my_BIO_s_socket()); if (bio == NULL) { - SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB); + SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); goto err; } - BIO_set_fd(bio,fd,BIO_NOCLOSE); - SSL_set_bio(s,bio,bio); - ret=1; + BIO_set_fd(bio, fd, BIO_NOCLOSE); + SSL_set_bio(s, bio, bio); + ret = 1; err: - return(ret); + return (ret); } /*
@@ -539,7 +539,7 @@ load_dh_file(int keylength) (codes & DH_CHECK_P_NOT_SAFE_PRIME)) { elog(LOG, - "DH error (%s): neither suitable generator or safe prime", + "DH error (%s): neither suitable generator or safe prime", fnbuf); return NULL; }
@@ -640,8 +640,8 @@ tmp_dh_cb(SSL *s, int is_export, int keylength) if (r == NULL || 8 * DH_size(r) < keylength) { ereport(DEBUG2, - (errmsg_internal("DH: generating parameters (%d bits)....", - keylength))); + (errmsg_internal("DH: generating parameters (%d bits)....", + keylength))); r = DH_generate_parameters(keylength, DH_GENERATOR_2, NULL, NULL); }
@@ -735,30 +735,30 @@ initialize_SSL(void) SSL_FILETYPE_PEM)) ereport(FATAL, (errcode(ERRCODE_CONFIG_FILE_ERROR), - errmsg("could not load server certificate file \"%s\": %s", - SERVER_CERT_FILE, SSLerrmessage()))); + errmsg("could not load server certificate file \"%s\": %s", + SERVER_CERT_FILE, SSLerrmessage()))); if (stat(SERVER_PRIVATE_KEY_FILE, &buf) == -1) ereport(FATAL, (errcode_for_file_access(), - errmsg("could not access private key file \"%s\": %m", - SERVER_PRIVATE_KEY_FILE))); + errmsg("could not access private key file \"%s\": %m", + SERVER_PRIVATE_KEY_FILE))); /* * Require no public access to key file. * - * XXX temporarily suppress check when on Windows, because there may - * not be proper support for Unix-y file permissions. Need to - * think of a reasonable check to apply on Windows. (See also the - * data directory permission check in postmaster.c) + * XXX temporarily suppress check when on Windows, because there may not + * be proper support for Unix-y file permissions. Need to think of a + * reasonable check to apply on Windows. (See also the data directory + * permission check in postmaster.c) */ #if !defined(WIN32) && !defined(__CYGWIN__) if (!S_ISREG(buf.st_mode) || (buf.st_mode & (S_IRWXG | S_IRWXO)) || buf.st_uid != geteuid()) ereport(FATAL, (errcode(ERRCODE_CONFIG_FILE_ERROR), - errmsg("unsafe permissions on private key file \"%s\"", - SERVER_PRIVATE_KEY_FILE), + errmsg("unsafe permissions on private key file \"%s\"", + SERVER_PRIVATE_KEY_FILE), errdetail("File must be owned by the database user and must have no permissions for \"group\" or \"other\"."))); #endif
@@ -861,8 +861,8 @@ aloop: case SSL_ERROR_WANT_WRITE: #ifdef WIN32 pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl), - (err==SSL_ERROR_WANT_READ) ? - FD_READ|FD_CLOSE|FD_ACCEPT : FD_WRITE|FD_CLOSE); + (err == SSL_ERROR_WANT_READ) ? + FD_READ | FD_CLOSE | FD_ACCEPT : FD_WRITE | FD_CLOSE); #endif goto aloop; case SSL_ERROR_SYSCALL:
@@ -873,7 +873,7 @@ aloop: else ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), - errmsg("could not accept SSL connection: EOF detected"))); + errmsg("could not accept SSL connection: EOF detected"))); break; case SSL_ERROR_SSL: ereport(COMMERROR,
@@ -884,7 +884,7 @@ aloop: case SSL_ERROR_ZERO_RETURN: ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), - errmsg("could not accept SSL connection: EOF detected"))); + errmsg("could not accept SSL connection: EOF detected"))); break; default: ereport(COMMERROR,
@@ -912,7 +912,7 @@ aloop: port->peer_dn, sizeof(port->peer_dn)); port->peer_dn[sizeof(port->peer_dn) - 1] = '\0'; X509_NAME_get_text_by_NID(X509_get_subject_name(port->peer), - NID_commonName, port->peer_cn, sizeof(port->peer_cn)); + NID_commonName, port->peer_cn, sizeof(port->peer_cn)); port->peer_cn[sizeof(port->peer_cn) - 1] = '\0'; } ereport(DEBUG2, |