Skip to content
Snippets Groups Projects
Select Git revision
  • benchmark-tools
  • postgres-lambda
  • master default
  • REL9_4_25
  • REL9_5_20
  • REL9_6_16
  • REL_10_11
  • REL_11_6
  • REL_12_1
  • REL_12_0
  • REL_12_RC1
  • REL_12_BETA4
  • REL9_4_24
  • REL9_5_19
  • REL9_6_15
  • REL_10_10
  • REL_11_5
  • REL_12_BETA3
  • REL9_4_23
  • REL9_5_18
  • REL9_6_14
  • REL_10_9
  • REL_11_4
23 results

fe-secure-openssl.c

Blame
    • Tom Lane's avatar
      8d00858b
      Change libpq's internal uses of PQhost() to inspect host field directly. · 8d00858b
      Tom Lane authored
      Commit 1944cdc9 changed PQhost() to return the hostaddr value when that
      is specified and host isn't.  This is a good idea in general, but
      fe-auth.c and related files contain PQhost() calls for which it isn't.
      Specifically, when we compare SSL certificates or other server identity
      information to the host field, we do not want to use hostaddr instead;
      that's not what's documented, that's not what happened pre-v10, and
      it doesn't seem like a good idea.
      
      Instead, we can just look at connhost[].host directly.  This does what
      we want in v10 and up; in particular, if neither host nor hostaddr
      were given, the host field will be replaced with the default host name.
      That seems useful, and it's likely the reason that these places were
      coded to call PQhost() originally (since pre-v10, the stored field was
      not replaced with the default).
      
      Back-patch to v10, as 1944cdc9 (just) was.
      
      Discussion: https://postgr.es/m/23287.1533227021@sss.pgh.pa.us
      8d00858b
      History
      Change libpq's internal uses of PQhost() to inspect host field directly.
      Tom Lane authored
      Commit 1944cdc9 changed PQhost() to return the hostaddr value when that
      is specified and host isn't.  This is a good idea in general, but
      fe-auth.c and related files contain PQhost() calls for which it isn't.
      Specifically, when we compare SSL certificates or other server identity
      information to the host field, we do not want to use hostaddr instead;
      that's not what's documented, that's not what happened pre-v10, and
      it doesn't seem like a good idea.
      
      Instead, we can just look at connhost[].host directly.  This does what
      we want in v10 and up; in particular, if neither host nor hostaddr
      were given, the host field will be replaced with the default host name.
      That seems useful, and it's likely the reason that these places were
      coded to call PQhost() originally (since pre-v10, the stored field was
      not replaced with the default).
      
      Back-patch to v10, as 1944cdc9 (just) was.
      
      Discussion: https://postgr.es/m/23287.1533227021@sss.pgh.pa.us