diff options
| author | Magnus Hagander <magnus@hagander.net> | 2008-12-15 10:28:22 +0000 |
|---|---|---|
| committer | Magnus Hagander <magnus@hagander.net> | 2008-12-15 10:28:22 +0000 |
| commit | 5f3724dd7c6b8beb9be3030cb3262038755c88e4 (patch) | |
| tree | 63cd88f1021be0230e31788e5dd428c9ac91efd2 /src/interfaces/libpq/fe-connect.c | |
| parent | a9d5f30be328fb83f0667b8a60df00a30d934fb2 (diff) | |
| download | postgresql-5f3724dd7c6b8beb9be3030cb3262038755c88e4.tar.gz postgresql-5f3724dd7c6b8beb9be3030cb3262038755c88e4.zip | |
Support specifying filename for SSL certificate, key, root certificate store
and certificate revokation list by using connection parameters or environment
variables.
Original patch by Mark Woodward, heavily reworked by Alvaro Herrera and
Magnus Hagander.
Diffstat (limited to 'src/interfaces/libpq/fe-connect.c')
| -rw-r--r-- | src/interfaces/libpq/fe-connect.c | 36 |
1 files changed, 33 insertions, 3 deletions
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index ce6af2bcd32..c03de3c0be6 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.370 2008/11/26 00:26:23 tgl Exp $ + * $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.371 2008/12/15 10:28:21 mha Exp $ * *------------------------------------------------------------------------- */ @@ -177,8 +177,10 @@ static const PQconninfoOption PQconninfoOptions[] = { #endif /* - * "sslmode" option is allowed even without client SSL support because the - * client can still handle SSL modes "disable" and "allow". + * ssl options are allowed even without client SSL support because the + * client can still handle SSL modes "disable" and "allow". Other parameters + * have no effect on non-SSL connections, so there is no reason to exclude them + * since none of them are mandatory. */ {"sslmode", "PGSSLMODE", DefaultSSLMode, NULL, "SSL-Mode", "", 8}, /* sizeof("disable") == 8 */ @@ -186,6 +188,18 @@ static const PQconninfoOption PQconninfoOptions[] = { {"sslverify", "PGSSLVERIFY", DefaultSSLVerify, NULL, "SSL-Verify", "", 5}, /* sizeof("chain") == 5 */ + {"sslcert", "PGSSLCERT", NULL, NULL, + "SSL-Client-Cert", "", 64}, + + {"sslkey", "PGSSLKEY", NULL, NULL, + "SSL-Client-Key", "", 64}, + + {"sslrootcert", "PGSSLROOTCERT", NULL, NULL, + "SSL-Root-Certificate", "", 64}, + + {"sslcrl", "PGSSLCRL", NULL, NULL, + "SSL-Revocation-List", "", 64}, + #if defined(KRB5) || defined(ENABLE_GSS) || defined(ENABLE_SSPI) /* Kerberos and GSSAPI authentication support specifying the service name */ {"krbsrvname", "PGKRBSRVNAME", PG_KRB_SRVNAM, NULL, @@ -419,6 +433,14 @@ connectOptions1(PGconn *conn, const char *conninfo) conn->sslmode = tmp ? strdup(tmp) : NULL; tmp = conninfo_getval(connOptions, "sslverify"); conn->sslverify = tmp ? strdup(tmp) : NULL; + tmp = conninfo_getval(connOptions, "sslkey"); + conn->sslkey = tmp ? strdup(tmp) : NULL; + tmp = conninfo_getval(connOptions, "sslcert"); + conn->sslcert = tmp ? strdup(tmp) : NULL; + tmp = conninfo_getval(connOptions, "sslrootcert"); + conn->sslrootcert = tmp ? strdup(tmp) : NULL; + tmp = conninfo_getval(connOptions, "sslcrl"); + conn->sslcrl = tmp ? strdup(tmp) : NULL; #ifdef USE_SSL tmp = conninfo_getval(connOptions, "requiressl"); if (tmp && tmp[0] == '1') @@ -2032,6 +2054,14 @@ freePGconn(PGconn *conn) free(conn->sslmode); if (conn->sslverify) free(conn->sslverify); + if (conn->sslcert) + free(conn->sslcert); + if (conn->sslkey) + free(conn->sslkey); + if (conn->sslrootcert) + free(conn->sslrootcert); + if (conn->sslcrl) + free(conn->sslcrl); #if defined(KRB5) || defined(ENABLE_GSS) || defined(ENABLE_SSPI) if (conn->krbsrvname) free(conn->krbsrvname); |