Minor improvements to hack for old OpenSSL libraries: avoid unused

variable warning on Windows, improve comment.

src/interfaces/libpq/fe-secure.c

@@ -11,7 +11,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.98 2007/10/03 13:57:52 mha Exp $
+ *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.99 2007/10/03 15:12:45 tgl Exp $
  *
  * NOTES
  *	  [ Most of these notes are wrong/obsolete, but perhaps not all ]
@@ -588,8 +588,8 @@ client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
 
 #ifndef WIN32
 	struct stat buf2;
-#endif
 	FILE		*fp;
+#endif
 	char		fnbuf[MAXPGPATH];
 	BIO			*bio;
 	PGconn		*conn = (PGconn *) SSL_get_app_data(ssl);
@@ -602,28 +602,33 @@ client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
 		return 0;
 	}
 
-	/* save OpenSSL error stack */
-	ERR_set_mark();
-
 	/* read the user certificate */
 	snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_CERT_FILE);
 
 	/* 
-	 * OpenSSL <= 0.8.2 lacks error stack handling. Do a separate check
-	 * for the existance of the file without using BIO functions to make
-	 * it pick up the majority of the cases with the old versions.
+	 * OpenSSL <= 0.9.8 lacks error stack handling, which means it's likely
+	 * to report wrong error messages if access to the cert file fails.
+	 * Do our own check for the readability of the file to catch the
+	 * majority of such problems before OpenSSL gets involved.
 	 */
 #ifndef HAVE_ERR_SET_MARK
-	if ((fp = fopen(fnbuf, "r")) == NULL)
+	{
+		FILE		*fp2;
+
+		if ((fp2 = fopen(fnbuf, "r")) == NULL)
 		{
 			printfPQExpBuffer(&conn->errorMessage,
 							  libpq_gettext("could not open certificate file \"%s\": %s\n"),
 							  fnbuf, pqStrerror(errno, sebuf, sizeof(sebuf)));
 			return 0;
 		}
-	fclose(fp);
+		fclose(fp2);
+	}
 #endif
 
+	/* save OpenSSL error stack */
+	ERR_set_mark();
+	
 	if ((bio = BIO_new_file(fnbuf, "r")) == NULL)
 	{
 		printfPQExpBuffer(&conn->errorMessage,