diff options
| author | Magnus Hagander <magnus@hagander.net> | 2009-01-28 15:06:55 +0000 |
|---|---|---|
| committer | Magnus Hagander <magnus@hagander.net> | 2009-01-28 15:06:55 +0000 |
| commit | 3364386166f4d7b926d12d7b51645e9c7a3a1c7e (patch) | |
| tree | 9cb6b2af768c19f4480ac646267f745509db39c2 /src/backend | |
| parent | 7b4460885f2f651e36099124852aa6c1a9f66f5b (diff) | |
| download | postgresql-3364386166f4d7b926d12d7b51645e9c7a3a1c7e.tar.gz postgresql-3364386166f4d7b926d12d7b51645e9c7a3a1c7e.zip | |
Go over all OpenSSL return values and make sure we compare them
to the documented API value. The previous code got it right as
it's implemented, but accepted too much/too little compared to
the API documentation.
Per comment from Zdenek Kotala.
Diffstat (limited to 'src/backend')
| -rw-r--r-- | src/backend/libpq/be-secure.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c index 772cd71a1f5..78aba180d9f 100644 --- a/src/backend/libpq/be-secure.c +++ b/src/backend/libpq/be-secure.c @@ -11,7 +11,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.74.2.2 2007/05/18 01:20:25 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.74.2.3 2009/01/28 15:06:54 mha Exp $ * * Since the server static private key ($DataDir/server.key) * will normally be stored unencrypted so that the database @@ -718,9 +718,9 @@ initialize_SSL(void) /* * Load and verify certificate and private key */ - if (!SSL_CTX_use_certificate_file(SSL_context, + if (SSL_CTX_use_certificate_file(SSL_context, SERVER_CERT_FILE, - SSL_FILETYPE_PEM)) + SSL_FILETYPE_PEM) != 1) ereport(FATAL, (errcode(ERRCODE_CONFIG_FILE_ERROR), errmsg("could not load server certificate file \"%s\": %s", @@ -750,14 +750,14 @@ initialize_SSL(void) errdetail("File must be owned by the database user and must have no permissions for \"group\" or \"other\"."))); #endif - if (!SSL_CTX_use_PrivateKey_file(SSL_context, + if (SSL_CTX_use_PrivateKey_file(SSL_context, SERVER_PRIVATE_KEY_FILE, - SSL_FILETYPE_PEM)) + SSL_FILETYPE_PEM) != 1) ereport(FATAL, (errmsg("could not load private key file \"%s\": %s", SERVER_PRIVATE_KEY_FILE, SSLerrmessage()))); - if (!SSL_CTX_check_private_key(SSL_context)) + if (SSL_CTX_check_private_key(SSL_context) != 1) ereport(FATAL, (errmsg("check of private key failed: %s", SSLerrmessage()))); @@ -774,7 +774,7 @@ initialize_SSL(void) /* * Require and check client certificates only if we have a root.crt file. */ - if (!SSL_CTX_load_verify_locations(SSL_context, ROOT_CERT_FILE, NULL)) + if (SSL_CTX_load_verify_locations(SSL_context, ROOT_CERT_FILE, NULL) != 1) { /* Not fatal - we do not require client certificates */ ereport(LOG, @@ -794,7 +794,7 @@ initialize_SSL(void) if (cvstore) { /* Set the flags to check against the complete CRL chain */ - if (X509_STORE_load_locations(cvstore, ROOT_CRL_FILE, NULL) != 0) + if (X509_STORE_load_locations(cvstore, ROOT_CRL_FILE, NULL) == 1) /* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */ #ifdef X509_V_FLAG_CRL_CHECK X509_STORE_set_flags(cvstore, |