#include "postgres.h"
#include <sys/stat.h>
#include <signal.h>
#include <fcntl.h>
#include <ctype.h>
#include <sys/socket.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include "libpq/libpq.h"
#include "tcop/tcopprot.h"
#include "utils/memutils.h"
Functions | |
int | secure_initialize (void) |
bool | secure_loaded_verify_locations (void) |
int | secure_open_server (Port *port) |
void | secure_close (Port *port) |
ssize_t | secure_read (Port *port, void *ptr, size_t len) |
ssize_t | secure_write (Port *port, void *ptr, size_t len) |
Variables | |
char * | ssl_cert_file |
char * | ssl_key_file |
char * | ssl_ca_file |
char * | ssl_crl_file |
int | ssl_renegotiation_limit |
char * | SSLCipherSuites = NULL |
void secure_close | ( | Port * | port | ) |
Definition at line 228 of file be-secure.c.
Referenced by ConnFree(), and pq_close().
/*
 *	Close an SSL-enabled connection.
 *
 * Tears down the SSL session attached to the port, if there is one.  Ports
 * without an SSL handle, and builds without SSL support, need no cleanup
 * here, so the call is a no-op for them.
 */
void
secure_close(Port *port)
{
#ifdef USE_SSL
	if (port->ssl != NULL)
	{
		close_SSL(port);
	}
#endif
}
int secure_initialize | ( | void | ) |
Definition at line 187 of file be-secure.c.
Referenced by PostmasterMain().
/*
 *	Initialize global context.
 *
 * When built with SSL support, sets up the server-wide SSL state; otherwise
 * nothing needs initializing.  Always returns 0.
 */
int
secure_initialize(void)
{
	int			result = 0;

#ifdef USE_SSL
	initialize_SSL();
#endif

	return result;
}
bool secure_loaded_verify_locations | ( | void | ) |
Definition at line 200 of file be-secure.c.
Referenced by parse_hba_auth_opt().
/*
 *	Indicate if we have loaded the root CA store to verify certificates.
 *
 * Reports whether the SSL layer has a CA store available for client
 * certificate verification.  Without SSL support there is never one, so
 * the answer is false.
 */
bool
secure_loaded_verify_locations(void)
{
	bool		loaded = false;

#ifdef USE_SSL
	loaded = ssl_loaded_verify_locations;
#endif

	return loaded;
}
int secure_open_server | ( | Port * | port | ) |
Definition at line 213 of file be-secure.c.
Referenced by ProcessStartupPacket().
/*
 *	Attempt to negotiate secure session.
 *
 * With SSL support compiled in, runs the server side of the SSL handshake
 * on the port and returns whatever open_server_SSL() reports.  Without SSL
 * support there is nothing to negotiate and the result is 0.
 */
int
secure_open_server(Port *port)
{
#ifdef USE_SSL
	return open_server_SSL(port);
#else
	(void) port;				/* nothing to negotiate without SSL */
	return 0;
#endif
}
ssize_t secure_read | ( | Port * | port, | |
void * | ptr, | |||
size_t | len | |||
) |
Definition at line 240 of file be-secure.c.
References client_read_ended(), COMMERROR, ereport, errcode(), errmsg(), Port::noblock, pgwin32_waitforsinglesocket(), prepare_for_client_read(), recv, and Port::sock.
Referenced by pq_getbyte_if_available(), and pq_recvbuf().
/*
 * Body of secure_read(Port *port, void *ptr, size_t len).
 *
 * Reads at most len bytes from the client into ptr.  When the port carries
 * an SSL handle the read goes through OpenSSL, otherwise straight through
 * recv() on the raw socket.  Returns the number of bytes read, or -1 on
 * failure; errno is set on most failure paths (see the default case for the
 * exception).
 */
{
	ssize_t		n;

#ifdef USE_SSL
	if (port->ssl)
	{
		int			err;

rloop:
		/* Clear errno so a later SSL_ERROR_SYSCALL report is not stale. */
		errno = 0;
		/*
		 * NOTE(review): SSL_read takes an int length while len is a size_t;
		 * the value is passed through unchanged, so callers are presumably
		 * expected to keep len within int range.
		 */
		n = SSL_read(port->ssl, ptr, len);
		err = SSL_get_error(port->ssl, n);
		switch (err)
		{
			case SSL_ERROR_NONE:
				/*
				 * Bytes received count toward the renegotiation limit that
				 * secure_write() enforces via port->count.
				 */
				port->count += n;
				break;
			case SSL_ERROR_WANT_READ:
			case SSL_ERROR_WANT_WRITE:
				/*
				 * A non-blocking port must not spin here; surface the
				 * would-block condition to the caller instead.
				 */
				if (port->noblock)
				{
					errno = EWOULDBLOCK;
					n = -1;
					break;
				}
#ifdef WIN32
				/*
				 * Wait for readiness in the direction OpenSSL asked for
				 * before retrying; other platforms simply retry.
				 */
				pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl),
											(err == SSL_ERROR_WANT_READ) ?
											FD_READ | FD_CLOSE : FD_WRITE | FD_CLOSE,
											INFINITE);
#endif
				goto rloop;
			case SSL_ERROR_SYSCALL:
				/* leave it to caller to ereport the value of errno */
				/*
				 * n != -1 here means the syscall itself did not fail
				 * (presumably an unexpected EOF); report it as a reset so
				 * the caller sees a real error code.
				 */
				if (n != -1)
				{
					errno = ECONNRESET;
					n = -1;
				}
				break;
			case SSL_ERROR_SSL:
				/*
				 * COMMERROR is a log-only level, so after recording the
				 * OpenSSL error text control falls into the ZERO_RETURN
				 * handling and the connection is treated as reset.
				 */
				ereport(COMMERROR,
						(errcode(ERRCODE_PROTOCOL_VIOLATION),
						 errmsg("SSL error: %s", SSLerrmessage())));
				/* fall through */
			case SSL_ERROR_ZERO_RETURN:
				errno = ECONNRESET;
				n = -1;
				break;
			default:
				/*
				 * NOTE(review): errno is not assigned on this path; it is
				 * whatever SSL_read left behind (it was zeroed above), so
				 * an errno-based report by the caller may show 0.
				 */
				ereport(COMMERROR,
						(errcode(ERRCODE_PROTOCOL_VIOLATION),
						 errmsg("unrecognized SSL error code: %d", err)));
				n = -1;
				break;
		}
	}
	else
#endif
	{
		/*
		 * Plain socket: the recv() is bracketed by the prepare/ended hooks;
		 * presumably these manage interrupt handling around the blocking
		 * call -- see their definitions in tcop.
		 */
		prepare_for_client_read();
		n = recv(port->sock, ptr, len, 0);
		client_read_ended();
	}

	return n;
}
ssize_t secure_write | ( | Port * | port, | |
void * | ptr, | |||
size_t | len | |||
) |
Definition at line 316 of file be-secure.c.
References COMMERROR, ereport, errcode(), errmsg(), pgwin32_waitforsinglesocket(), send, Port::sock, and ssl_renegotiation_limit.
Referenced by internal_flush().
/*
 * Body of secure_write(Port *port, void *ptr, size_t len).
 *
 * Writes len bytes from ptr to the client, through OpenSSL when the port has
 * an SSL handle and through send() otherwise.  On the SSL path, a
 * renegotiation is forced first once ssl_renegotiation_limit KB of traffic
 * (reads plus writes, accumulated in port->count) has passed over the
 * session.  Returns the number of bytes written, or -1 on failure; errno is
 * set on most failure paths (the default case is the exception).
 */
{
	ssize_t		n;

#ifdef USE_SSL
	if (port->ssl)
	{
		int			err;

		/*
		 * ssl_renegotiation_limit is in KB; 0 disables the limit.  Renegotiating
		 * periodically bounds the amount of data protected by one session key.
		 */
		if (ssl_renegotiation_limit && port->count > ssl_renegotiation_limit * 1024L)
		{
			SSL_set_session_id_context(port->ssl, (void *) &SSL_context,
									   sizeof(SSL_context));
			/*
			 * Every failure below is reported at COMMERROR, a log-only
			 * level, so the write still proceeds on the existing session.
			 */
			if (SSL_renegotiate(port->ssl) <= 0)
				ereport(COMMERROR,
						(errcode(ERRCODE_PROTOCOL_VIOLATION),
						 errmsg("SSL renegotiation failure")));
			if (SSL_do_handshake(port->ssl) <= 0)
				ereport(COMMERROR,
						(errcode(ERRCODE_PROTOCOL_VIOLATION),
						 errmsg("SSL renegotiation failure")));
			/*
			 * NOTE(review): port->ssl->state reaches into OpenSSL's SSL
			 * struct directly; that only compiles against OpenSSL versions
			 * that still expose the struct layout.
			 */
			if (port->ssl->state != SSL_ST_OK)
				ereport(COMMERROR,
						(errcode(ERRCODE_PROTOCOL_VIOLATION),
						 errmsg("SSL failed to send renegotiation request")));
			/* Run the server side of the handshake to completion. */
			port->ssl->state |= SSL_ST_ACCEPT;
			SSL_do_handshake(port->ssl);
			if (port->ssl->state != SSL_ST_OK)
				ereport(COMMERROR,
						(errcode(ERRCODE_PROTOCOL_VIOLATION),
						 errmsg("SSL renegotiation failure")));
			/*
			 * NOTE(review): the counter is reset even when the renegotiation
			 * failed above, so a failed attempt is not retried until another
			 * limit's worth of traffic has passed.
			 */
			port->count = 0;
		}

wloop:
		/* Clear errno so a later SSL_ERROR_SYSCALL report is not stale. */
		errno = 0;
		/* NOTE(review): SSL_write takes an int length; len is passed through unchanged. */
		n = SSL_write(port->ssl, ptr, len);
		err = SSL_get_error(port->ssl, n);
		switch (err)
		{
			case SSL_ERROR_NONE:
				/* Bytes sent count toward the renegotiation limit above. */
				port->count += n;
				break;
			case SSL_ERROR_WANT_READ:
			case SSL_ERROR_WANT_WRITE:
				/*
				 * Unlike secure_read(), there is no port->noblock check here:
				 * the write is always retried until OpenSSL accepts it.
				 */
#ifdef WIN32
				/* Wait for readiness in the direction OpenSSL asked for. */
				pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl),
											(err == SSL_ERROR_WANT_READ) ?
											FD_READ | FD_CLOSE : FD_WRITE | FD_CLOSE,
											INFINITE);
#endif
				goto wloop;
			case SSL_ERROR_SYSCALL:
				/* leave it to caller to ereport the value of errno */
				/*
				 * n != -1 means the syscall itself did not fail (presumably
				 * an unexpected EOF); present it as a reset so the caller
				 * sees a real error code.
				 */
				if (n != -1)
				{
					errno = ECONNRESET;
					n = -1;
				}
				break;
			case SSL_ERROR_SSL:
				/*
				 * COMMERROR does not abort, so after logging the OpenSSL
				 * error text control falls into the ZERO_RETURN handling.
				 */
				ereport(COMMERROR,
						(errcode(ERRCODE_PROTOCOL_VIOLATION),
						 errmsg("SSL error: %s", SSLerrmessage())));
				/* fall through */
			case SSL_ERROR_ZERO_RETURN:
				errno = ECONNRESET;
				n = -1;
				break;
			default:
				/*
				 * NOTE(review): errno is not assigned on this path (it was
				 * zeroed above), so an errno-based report by the caller may
				 * show 0.
				 */
				ereport(COMMERROR,
						(errcode(ERRCODE_PROTOCOL_VIOLATION),
						 errmsg("unrecognized SSL error code: %d", err)));
				n = -1;
				break;
		}
	}
	else
#endif
		/* Plain socket: a single send(), no retry loop. */
		n = send(port->sock, ptr, len, 0);

	return n;
}
char* ssl_ca_file |
Definition at line 94 of file be-secure.c.
char* ssl_cert_file |
Definition at line 92 of file be-secure.c.
char* ssl_crl_file |
Definition at line 95 of file be-secure.c.
char* ssl_key_file |
Definition at line 93 of file be-secure.c.
int ssl_renegotiation_limit |
Definition at line 102 of file be-secure.c.
Referenced by secure_write().
char* SSLCipherSuites = NULL |
Definition at line 110 of file be-secure.c.