From 6d514ac866591055e1df44ba2d0f79f2d6b2e89d Mon Sep 17 00:00:00 2001
From: Tom Lane
Date: Wed, 3 Oct 2007 15:12:45 +0000
Subject: [PATCH] Minor improvements to hack for old OpenSSL libraries: avoid unused variable warning on Windows, improve comment.
---
 src/interfaces/libpq/fe-secure.c | 31 ++++++++++++++++++-------------
 1 file changed, 18 insertions(+), 13 deletions(-)
diff --git a/src/interfaces/libpq/fe-secure.c b/src/interfaces/libpq/fe-secure.c
index a133ab9066..88d5ae8efd 100644
--- a/src/interfaces/libpq/fe-secure.c
+++ b/src/interfaces/libpq/fe-secure.c
@@ -588,8 +588,8 @@ client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
 #ifndef WIN32
 struct stat buf2;
-#endif
 FILE *fp;
+#endif
 char fnbuf[MAXPGPATH];
 BIO *bio;
 PGconn *conn = (PGconn *) SSL_get_app_data(ssl);
@@ -602,27 +602,32 @@ client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
 return 0;
 }
- /* save OpenSSL error stack */
- ERR_set_mark();
-
 /* read the user certificate */
 snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_CERT_FILE);
 /*
- * OpenSSL <= 0.8.2 lacks error stack handling. Do a separate check
- * for the existance of the file without using BIO functions to make
- * it pick up the majority of the cases with the old versions.
+ * OpenSSL <= 0.9.8 lacks error stack handling, which means it's likely
+ * to report wrong error messages if access to the cert file fails.
+ * Do our own check for the readability of the file to catch the
+ * majority of such problems before OpenSSL gets involved.
 */
 #ifndef HAVE_ERR_SET_MARK
- if ((fp = fopen(fnbuf, "r")) == NULL)
 {
- printfPQExpBuffer(&conn->errorMessage,
- libpq_gettext("could not open certificate file \"%s\": %s\n"),
- fnbuf, pqStrerror(errno, sebuf, sizeof(sebuf)));
- return 0;
+ FILE *fp2;
+
+ if ((fp2 = fopen(fnbuf, "r")) == NULL)
+ {
+ printfPQExpBuffer(&conn->errorMessage,
+ libpq_gettext("could not open certificate file \"%s\": %s\n"),
+ fnbuf, pqStrerror(errno, sebuf, sizeof(sebuf)));
+ return 0;
+ }
+ fclose(fp2);
 }
- fclose(fp);
 #endif
+
+ /* save OpenSSL error stack */
+ ERR_set_mark();
 if ((bio = BIO_new_file(fnbuf, "r")) == NULL)
 {
--
2.39.5
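Review bot: The readability pre-check under `#ifndef HAVE_ERR_SET_MARK` opens and closes the certificate file by name, and `BIO_new_file()` then opens it again, so the file can change or disappear between the two opens. The new comment says the check catches only "the majority" of problems but does not say that the later open remains the authoritative one. I would add to the comment: `* This check is advisory only; the file may change before BIO_new_file() reopens it, so that call's error path must remain.` Separately, `ERR_set_mark()` now sits after the `#endif`, outside the guard, so builds without HAVE_ERR_SET_MARK presumably rely on a fallback definition that is not visible in this hunk. client_cert_cb's body starts before and continues after the hunk.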