author | Peter Eisentraut <peter_e@gmx.net> | 2018-01-25 08:58:00 -0500 |
---|---|---|
committer | Peter Eisentraut <peter_e@gmx.net> | 2018-01-26 09:50:46 -0500 |
commit | c1869542b3a4da4b12cace2253ef177da761c00d (patch) | |
tree | b1b726f9a2851dce06fd1d3f96f27747bfc74b86 /src/backend/utils/init | |
parent | a6ef00b5c3c4a287e03b634d328529b69cc1e770 (diff) | |
Use abstracted SSL API in server connection log messages
The existing "connection authorized" server log messages used OpenSSL
API calls directly, even though similar abstracted API calls exist.
Change to use the latter instead.
Change the function prototype for the functions that return the TLS
version and the cipher to return const char * directly instead of
copying into a buffer. That makes them slightly easier to use.
Add bits= to the message. psql shows that, so we might as well show the
same information on the client and server.
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Michael Paquier <michael.paquier@gmail.com>
Diffstat (limited to 'src/backend/utils/init')
-rw-r--r-- | src/backend/utils/init/postinit.c | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c
index f9b330998d3..484628987f4 100644
--- a/src/backend/utils/init/postinit.c
+++ b/src/backend/utils/init/postinit.c
@@ -246,12 +246,15 @@ PerformAuthentication(Port *port)
 {
 if (am_walsender)
 {
-#ifdef USE_OPENSSL
+#ifdef USE_SSL
 if (port->ssl_in_use)
 ereport(LOG,
- (errmsg("replication connection authorized: user=%s SSL enabled (protocol=%s, cipher=%s, compression=%s)",
- port->user_name, SSL_get_version(port->ssl), SSL_get_cipher(port->ssl),
- SSL_get_current_compression(port->ssl) ? _("on") : _("off"))));
+ (errmsg("replication connection authorized: user=%s SSL enabled (protocol=%s, cipher=%s, bits=%d, compression=%s)",
+ port->user_name,
+ be_tls_get_version(port),
+ be_tls_get_cipher(port),
+ be_tls_get_cipher_bits(port),
+ be_tls_get_compression(port) ? _("on") : _("off"))));
 else
 #endif
 ereport(LOG,
@@ -260,12 +263,15 @@ PerformAuthentication(Port *port)
 }
 else
 {
-#ifdef USE_OPENSSL
+#ifdef USE_SSL
 if (port->ssl_in_use)
 ereport(LOG,
- (errmsg("connection authorized: user=%s database=%s SSL enabled (protocol=%s, cipher=%s, compression=%s)",
- port->user_name, port->database_name, SSL_get_version(port->ssl), SSL_get_cipher(port->ssl),
- SSL_get_current_compression(port->ssl) ? _("on") : _("off"))));
+ (errmsg("connection authorized: user=%s database=%s SSL enabled (protocol=%s, cipher=%s, bits=%d, compression=%s)",
+ port->user_name, port->database_name,
+ be_tls_get_version(port),
+ be_tls_get_cipher(port),
+ be_tls_get_cipher_bits(port),
+ be_tls_get_compression(port) ? _("on") : _("off"))));
 else
 #endif
 ereport(LOG, |
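Review bot: Log parsers and alerting rules that match the old field order of the "connection authorized" lines will stop matching, because both hunks (the walsender branch and the regular-backend branch) place `bits=%d` between `cipher=%s` and `compression=%s` rather than at the end. These messages are the server-side record of the negotiated TLS parameters, so it would be safer to append the field, `(protocol=%s, cipher=%s, compression=%s, bits=%d)`, or to call out the format change in the release notes. Separately, the version and cipher getters now hand back a `const char *` that goes straight into `%s`; whether they can return NULL is not visible here, so a short comment such as `/* ssl_in_use guarantees the be_tls_get_* string getters return non-NULL */` above each `ereport` would document the invariant the code appears to rely on. The body of PerformAuthentication starts and ends outside both hunks.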