diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index 414fff329e58076c206ffafcbb4fc6972bdfaf31..d88acb922e2aec4cf974e4efea5a27db6b816fae 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.186 2002/06/14 04:23:17 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.187 2002/06/15 22:06:09 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -61,13 +61,6 @@ inet_aton(const char *cp, struct in_addr * inp)
}
#endif
-#ifdef USE_SSL
-extern int secure_initialize(PGconn *);
-extern void secure_destroy(void);
-extern int secure_open_client(PGconn *);
-extern void secure_close(PGconn *);
-extern SSL * PQgetssl(PGconn *);
-#endif
#define NOTIFYLIST_INITIAL_SIZE 10
#define NOTIFYLIST_GROWBY 10
@@ -968,7 +961,8 @@ retry2:
}
if (SSLok == 'S')
{
- if (secure_initialize(conn) == -1 || secure_open_client(conn) == -1)
+ if (pqsecure_initialize(conn) == -1 ||
+ pqsecure_open_client(conn) == -1)
{
goto connect_errReturn;
}
@@ -979,7 +973,7 @@ retry2:
/* Received error - probably protocol mismatch */
if (conn->Pfdebug)
fprintf(conn->Pfdebug, "Postmaster reports error, attempting fallback to pre-7.0.\n");
- secure_close(conn);
+ pqsecure_close(conn);
#ifdef WIN32
closesocket(conn->sock);
#else
@@ -1021,7 +1015,7 @@ retry2:
connect_errReturn:
if (conn->sock >= 0)
{
- secure_close(conn);
+ pqsecure_close(conn);
#ifdef WIN32
closesocket(conn->sock);
#else
@@ -1896,11 +1890,9 @@ freePGconn(PGconn *conn)
if (!conn)
return;
pqClearAsyncResult(conn); /* deallocate result and curTuple */
-#ifdef USE_SSL
- secure_close(conn);
-#endif
if (conn->sock >= 0)
{
+ pqsecure_close(conn);
#ifdef WIN32
closesocket(conn->sock);
#else
@@ -1974,7 +1966,7 @@ closePGconn(PGconn *conn)
*/
if (conn->sock >= 0)
{
- secure_close(conn);
+ pqsecure_close(conn);
#ifdef WIN32
closesocket(conn->sock);
#else
diff --git a/src/interfaces/libpq/fe-misc.c b/src/interfaces/libpq/fe-misc.c
index 94b641621a325d61a2f5422c4bf10efbe2c83a77..46231a21dfe9d9b54dc1d41f46e35feb1f915ff2 100644
--- a/src/interfaces/libpq/fe-misc.c
+++ b/src/interfaces/libpq/fe-misc.c
@@ -25,7 +25,7 @@
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-misc.c,v 1.74 2002/06/15 20:01:31 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-misc.c,v 1.75 2002/06/15 22:06:09 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -55,10 +55,6 @@
#include "mb/pg_wchar.h"
#endif
-extern void secure_close(PGconn *);
-extern ssize_t secure_read(PGconn *, void *, size_t);
-extern ssize_t secure_write(PGconn *, const void *, size_t);
-
#define DONOTICE(conn,message) \
((*(conn)->noticeHook) ((conn)->noticeArg, (message)))
@@ -490,8 +486,8 @@ pqReadData(PGconn *conn)
/* OK, try to read some data */
retry3:
- nread = secure_read(conn, conn->inBuffer + conn->inEnd,
- conn->inBufSize - conn->inEnd);
+ nread = pqsecure_read(conn, conn->inBuffer + conn->inEnd,
+ conn->inBufSize - conn->inEnd);
if (nread < 0)
{
if (SOCK_ERRNO == EINTR)
@@ -570,8 +566,8 @@ retry3:
* arrived.
*/
retry4:
- nread = secure_read(conn, conn->inBuffer + conn->inEnd,
- conn->inBufSize - conn->inEnd);
+ nread = pqsecure_read(conn, conn->inBuffer + conn->inEnd,
+ conn->inBufSize - conn->inEnd);
if (nread < 0)
{
if (SOCK_ERRNO == EINTR)
@@ -612,7 +608,7 @@ definitelyFailed:
"\tThis probably means the server terminated abnormally\n"
"\tbefore or while processing the request.\n"));
conn->status = CONNECTION_BAD; /* No more connection to backend */
- secure_close(conn);
+ pqsecure_close(conn);
#ifdef WIN32
closesocket(conn->sock);
#else
@@ -654,7 +650,7 @@ pqSendSome(PGconn *conn)
{
int sent;
- sent = secure_write(conn, ptr, len);
+ sent = pqsecure_write(conn, ptr, len);
if (sent < 0)
{
diff --git a/src/interfaces/libpq/fe-secure.c b/src/interfaces/libpq/fe-secure.c
index 26dcb4388451cf6e8adc2daa6a55827fbcb355bd..fa36a9315c3aba3f3bf674d87c42f0a260240e83 100644
--- a/src/interfaces/libpq/fe-secure.c
+++ b/src/interfaces/libpq/fe-secure.c
@@ -1,6 +1,6 @@
/*-------------------------------------------------------------------------
*
- * fe-connect.c
+ * fe-secure.c
* functions related to setting up a secure connection to the backend.
* Secure connections are expected to provide confidentiality,
* message integrity and endpoint authentication.
@@ -11,7 +11,7 @@
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v 1.4 2002/06/14 04:38:04 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v 1.5 2002/06/15 22:06:09 tgl Exp $
*
* NOTES
* The client *requires* a valid server certificate. Since
@@ -26,7 +26,7 @@
* to sign the server certificate, should be present in the
* "$HOME/.postgresql/root.crt" file. If this file isn't
* readable, or the server certificate can't be validated,
- * secure_open_client() will return an error code.
+ * pqsecure_open_client() will return an error code.
*
* Additionally, the server certificate's "common name" must
* resolve to the other end of the socket. This makes it
@@ -38,7 +38,7 @@
* Unfortunately neither the current front- or back-end handle
* failure gracefully, resulting in the backend hiccupping.
* This points out problems in each (the frontend shouldn't even
- * try to do SSL if secure_initialize() fails, and the backend
+ * try to do SSL if pqsecure_initialize() fails, and the backend
* shouldn't crash/recover if an SSH negotiation fails. The
* backend definitely needs to be fixed, to prevent a "denial
* of service" attack, but I don't know enough about how the
@@ -76,30 +76,6 @@
* The code currently assumes a POSIX password entry. How should
* Windows and Mac users be handled?
*
- * PATCH LEVEL
- * milestone 1: fix basic coding errors
- * [*] existing SSL code pulled out of existing files.
- * [*] SSL_get_error() after SSL_read() and SSL_write(),
- * SSL_shutdown(), default to TLSv1.
- *
- * milestone 2: provide endpoint authentication (server)
- * [*] client verifies server cert
- * [*] client verifies server hostname
- *
- * milestone 3: improve confidentially, support perfect forward secrecy
- * [ ] use 'random' file, read from '/dev/urandom?'
- * [*] emphermal DH keys, default values
- *
- * milestone 4: provide endpoint authentication (client)
- * [*] server verifies client certificates
- *
- * milestone 5: provide informational callbacks
- * [*] provide informational callbacks
- *
- * other changes
- * [ ] tcp-wrappers
- * [ ] more informative psql
- *
*-------------------------------------------------------------------------
*/
@@ -142,12 +118,6 @@
#include <openssl/e_os.h>
#endif /* USE_SSL */
-int secure_initialize(PGconn *);
-void secure_destroy(void);
-int secure_open_client(PGconn *);
-void secure_close(PGconn *);
-ssize_t secure_read(PGconn *, void *ptr, size_t len);
-ssize_t secure_write(PGconn *, const void *ptr, size_t len);
#ifdef USE_SSL
static int verify_cb(int ok, X509_STORE_CTX *ctx);
@@ -228,7 +198,7 @@ KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=\n\
* Initialize global context
*/
int
-secure_initialize (PGconn *conn)
+pqsecure_initialize (PGconn *conn)
{
int r = 0;
@@ -243,7 +213,7 @@ secure_initialize (PGconn *conn)
* Destroy global context
*/
void
-secure_destroy (void)
+pqsecure_destroy (void)
{
#ifdef USE_SSL
destroy_SSL();
@@ -254,7 +224,7 @@ secure_destroy (void)
* Attempt to negotiate secure session.
*/
int
-secure_open_client (PGconn *conn)
+pqsecure_open_client (PGconn *conn)
{
int r = 0;
@@ -269,7 +239,7 @@ secure_open_client (PGconn *conn)
* Close secure session.
*/
void
-secure_close (PGconn *conn)
+pqsecure_close (PGconn *conn)
{
#ifdef USE_SSL
if (conn->ssl)
@@ -281,7 +251,7 @@ secure_close (PGconn *conn)
* Read data from a secure connection.
*/
ssize_t
-secure_read (PGconn *conn, void *ptr, size_t len)
+pqsecure_read (PGconn *conn, void *ptr, size_t len)
{
ssize_t n;
@@ -306,7 +276,7 @@ secure_read (PGconn *conn, void *ptr, size_t len)
libpq_gettext("SSL error: %s\n"), SSLerrmessage());
/* fall through */
case SSL_ERROR_ZERO_RETURN:
- secure_close(conn);
+ pqsecure_close(conn);
SOCK_ERRNO = ECONNRESET;
n = -1;
break;
@@ -323,7 +293,7 @@ secure_read (PGconn *conn, void *ptr, size_t len)
* Write data to a secure connection.
*/
ssize_t
-secure_write (PGconn *conn, const void *ptr, size_t len)
+pqsecure_write (PGconn *conn, const void *ptr, size_t len)
{
ssize_t n;
@@ -352,7 +322,7 @@ secure_write (PGconn *conn, const void *ptr, size_t len)
libpq_gettext("SSL error: %s\n"), SSLerrmessage());
/* fall through */
case SSL_ERROR_ZERO_RETURN:
- secure_close(conn);
+ pqsecure_close(conn);
SOCK_ERRNO = ECONNRESET;
n = -1;
break;
@@ -925,4 +895,5 @@ PQgetssl(PGconn *conn)
return NULL;
return conn->ssl;
}
+
#endif /* USE_SSL */
diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h
index 90a0186d276d393b145b70c92ac7cde4852b087c..7cdfd6fe66b550bbc936d8019b8c27a8a2226c4a 100644
--- a/src/interfaces/libpq/libpq-int.h
+++ b/src/interfaces/libpq/libpq-int.h
@@ -12,7 +12,7 @@
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $Id: libpq-int.h,v 1.49 2002/06/14 04:23:17 momjian Exp $
+ * $Id: libpq-int.h,v 1.50 2002/06/15 22:06:09 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -331,6 +331,15 @@ extern int pqWait(int forRead, int forWrite, PGconn *conn);
extern int pqReadReady(PGconn *conn);
extern int pqWriteReady(PGconn *conn);
+/* === in fe-secure.c === */
+
+extern int pqsecure_initialize(PGconn *);
+extern void pqsecure_destroy(void);
+extern int pqsecure_open_client(PGconn *);
+extern void pqsecure_close(PGconn *);
+extern ssize_t pqsecure_read(PGconn *, void *ptr, size_t len);
+extern ssize_t pqsecure_write(PGconn *, const void *ptr, size_t len);
+
/* bits in a byte */
#define BYTELEN 8