diff options
| author | Daniel Gustafsson | 2022-03-29 12:02:45 +0000 |
|---|---|---|
| committer | Daniel Gustafsson | 2022-03-29 12:02:45 +0000 |
| commit | ebc8b7d4416d8e0dfb7c05132ef6182fd3daf885 (patch) | |
| tree | 04d15606691eb1773d9b7915fb66998ce5d6ce07 /src | |
| parent | 8cd7627c7b19c5a1bb235e7ad91b53856b101e65 (diff) | |
Enable SSL library detection via PQsslAttribute()
Currently, libpq client code must have a connection handle
before it can query the "library" SSL attribute. This poses
problems if the client needs to know what SSL library is in
use before constructing a connection string.
Allow PQsslAttribute(NULL, "library") to return the library
in use -- currently, just "OpenSSL" or NULL. The new behavior
is announced with the LIBPQ_HAS_SSL_LIBRARY_DETECTION feature
macro, allowing clients to differentiate between a libpq that
was compiled without SSL support and a libpq that's just too
old to tell.
Author: Jacob Champion <[email protected]>
Reviewed-by: Robert Haas <[email protected]>
Reviewed-by: Daniel Gustafsson <[email protected]>
Discussion: https://postgr.es/m/[email protected]
Diffstat (limited to 'src')
| -rw-r--r-- | src/interfaces/libpq/Makefile | 1 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-secure-openssl.c | 6 | ||||
| -rw-r--r-- | src/interfaces/libpq/libpq-fe.h | 2 | ||||
| -rw-r--r-- | src/interfaces/libpq/t/002_api.pl | 20 | ||||
| -rw-r--r-- | src/interfaces/libpq/test/.gitignore | 1 | ||||
| -rw-r--r-- | src/interfaces/libpq/test/Makefile | 2 | ||||
| -rw-r--r-- | src/interfaces/libpq/test/testclient.c | 37 |
7 files changed, 65 insertions, 4 deletions
diff --git a/src/interfaces/libpq/Makefile b/src/interfaces/libpq/Makefile index 3c53393fa41..89bf5e01260 100644 --- a/src/interfaces/libpq/Makefile +++ b/src/interfaces/libpq/Makefile @@ -13,6 +13,7 @@ subdir = src/interfaces/libpq top_builddir = ../../.. include $(top_builddir)/src/Makefile.global +export with_ssl PGFILEDESC = "PostgreSQL Access Library" diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c index d81218a4ccd..d3bf57b850a 100644 --- a/src/interfaces/libpq/fe-secure-openssl.c +++ b/src/interfaces/libpq/fe-secure-openssl.c @@ -1631,14 +1631,14 @@ PQsslAttributeNames(PGconn *conn) const char * PQsslAttribute(PGconn *conn, const char *attribute_name) { + if (strcmp(attribute_name, "library") == 0) + return "OpenSSL"; + if (!conn) return NULL; if (conn->ssl == NULL) return NULL; - if (strcmp(attribute_name, "library") == 0) - return "OpenSSL"; - if (strcmp(attribute_name, "key_bits") == 0) { static char sslbits_str[12]; diff --git a/src/interfaces/libpq/libpq-fe.h b/src/interfaces/libpq/libpq-fe.h index 20eb855abc1..7986445f1a9 100644 --- a/src/interfaces/libpq/libpq-fe.h +++ b/src/interfaces/libpq/libpq-fe.h @@ -36,6 +36,8 @@ extern "C" #define LIBPQ_HAS_PIPELINING 1 /* Indicates presence of PQsetTraceFlags; also new PQtrace output format */ #define LIBPQ_HAS_TRACE_FLAGS 1 +/* Indicates that PQsslAttribute(NULL, "library") is useful */ +#define LIBPQ_HAS_SSL_LIBRARY_DETECTION 1 /* * Option flags for PQcopyResult diff --git a/src/interfaces/libpq/t/002_api.pl b/src/interfaces/libpq/t/002_api.pl new file mode 100644 index 00000000000..7c6c5788a0c --- /dev/null +++ b/src/interfaces/libpq/t/002_api.pl @@ -0,0 +1,20 @@ +# Copyright (c) 2022, PostgreSQL Global Development Group +use strict; +use warnings; + +use PostgreSQL::Test::Utils; +use Test::More; + +# Test PQsslAttribute(NULL, "library") +my ($out, $err) = run_command(['testclient', '--ssl']); + +if ($ENV{with_ssl} eq 'openssl') +{ + is($out, 'OpenSSL', 'PQsslAttribute(NULL, "library") returns "OpenSSL"'); +} +else +{ + is($err, 'SSL is not enabled', 'PQsslAttribute(NULL, "library") returns NULL'); +} + +done_testing(); diff --git a/src/interfaces/libpq/test/.gitignore b/src/interfaces/libpq/test/.gitignore index 5e803d8816a..4b17210483d 100644 --- a/src/interfaces/libpq/test/.gitignore +++ b/src/interfaces/libpq/test/.gitignore @@ -1 +1,2 @@ +/testclient /uri-regress diff --git a/src/interfaces/libpq/test/Makefile b/src/interfaces/libpq/test/Makefile index 54212159065..1d45be0c375 100644 --- a/src/interfaces/libpq/test/Makefile +++ b/src/interfaces/libpq/test/Makefile @@ -11,7 +11,7 @@ endif override CPPFLAGS := -I$(libpq_srcdir) $(CPPFLAGS) LDFLAGS_INTERNAL += $(libpq_pgport) -PROGS = uri-regress +PROGS = testclient uri-regress all: $(PROGS) diff --git a/src/interfaces/libpq/test/testclient.c b/src/interfaces/libpq/test/testclient.c new file mode 100644 index 00000000000..2c730d83fa6 --- /dev/null +++ b/src/interfaces/libpq/test/testclient.c @@ -0,0 +1,37 @@ +/* + * testclient.c + * A test program for the libpq public API + * + * Copyright (c) 2022, PostgreSQL Global Development Group + * + * IDENTIFICATION + * src/interfaces/libpq/test/testclient.c + */ + +#include "postgres_fe.h" + +#include "libpq-fe.h" + +static void +print_ssl_library() +{ + const char *lib = PQsslAttribute(NULL, "library"); + + if (!lib) + fprintf(stderr, "SSL is not enabled\n"); + else + printf("%s\n", lib); +} + +int +main(int argc, char *argv[]) +{ + if ((argc > 1) && !strcmp(argv[1], "--ssl")) + { + print_ssl_library(); + return 0; + } + + printf("currently only --ssl is supported\n"); + return 1; +} |