Minor improvements to hack for old OpenSSL libraries: avoid unused

variable warning on Windows, improve comment.
This commit is contained in:
Tom Lane 2007-10-03 15:12:45 +00:00
parent a248dbc4f8
commit fdbce93b85

View File

@ -11,7 +11,7 @@
*
*
* IDENTIFICATION
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.98 2007/10/03 13:57:52 mha Exp $
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.99 2007/10/03 15:12:45 tgl Exp $
*
* NOTES
* [ Most of these notes are wrong/obsolete, but perhaps not all ]
@ -588,8 +588,8 @@ client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
#ifndef WIN32
struct stat buf2;
#endif
FILE *fp;
#endif
char fnbuf[MAXPGPATH];
BIO *bio;
PGconn *conn = (PGconn *) SSL_get_app_data(ssl);
@ -602,27 +602,32 @@ client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
return 0;
}
/* save OpenSSL error stack */
ERR_set_mark();
/* read the user certificate */
snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_CERT_FILE);
/*
* OpenSSL <= 0.8.2 lacks error stack handling. Do a separate check
* for the existance of the file without using BIO functions to make
* it pick up the majority of the cases with the old versions.
* OpenSSL <= 0.9.8 lacks error stack handling, which means it's likely
* to report wrong error messages if access to the cert file fails.
* Do our own check for the readability of the file to catch the
* majority of such problems before OpenSSL gets involved.
*/
#ifndef HAVE_ERR_SET_MARK
if ((fp = fopen(fnbuf, "r")) == NULL)
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("could not open certificate file \"%s\": %s\n"),
fnbuf, pqStrerror(errno, sebuf, sizeof(sebuf)));
return 0;
FILE *fp2;
if ((fp2 = fopen(fnbuf, "r")) == NULL)
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("could not open certificate file \"%s\": %s\n"),
fnbuf, pqStrerror(errno, sebuf, sizeof(sebuf)));
return 0;
}
fclose(fp2);
}
fclose(fp);
#endif
/* save OpenSSL error stack */
ERR_set_mark();
if ((bio = BIO_new_file(fnbuf, "r")) == NULL)
{