diff options
| author | Daniel Gustafsson <dgustafsson@postgresql.org> | 2021-08-13 10:32:16 +0200 |
|---|---|---|
| committer | Daniel Gustafsson <dgustafsson@postgresql.org> | 2021-08-13 10:32:16 +0200 |
| commit | ffff00a3556734f859f375b8c76c89f1d2920bcd (patch) | |
| tree | e6232f36617b91655a7d489f0b90d1a20abdcc64 /src/interfaces/libpq/fe-secure-openssl.c | |
| parent | dc23c77d07af086574124ea5ca65acf9360b8691 (diff) | |
| download | postgresql-ffff00a3556734f859f375b8c76c89f1d2920bcd.tar.gz postgresql-ffff00a3556734f859f375b8c76c89f1d2920bcd.zip | |
Fix sslsni connparam boolean check
The check for sslsni only checked for existence of the parameter
but not for the actual value of the param. This meant that the
SNI extension was always turned on. Fix by inspecting the value
of sslsni and only activate the SNI extension iff sslsni has been
enabled. Also update the docs to be more in line with how other
boolean params are documented.
Backpatch to 14 where sslsni was first implemented.
Reviewed-by: Tom Lane
Backpatch-through: 14, where sslni was added
Diffstat (limited to 'src/interfaces/libpq/fe-secure-openssl.c')
| -rw-r--r-- | src/interfaces/libpq/fe-secure-openssl.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c index 67feaedc4e0..f2b5feccc77 100644 --- a/src/interfaces/libpq/fe-secure-openssl.c +++ b/src/interfaces/libpq/fe-secure-openssl.c @@ -1087,7 +1087,7 @@ initialize_SSL(PGconn *conn) * Per RFC 6066, do not set it if the host is a literal IP address (IPv4 * or IPv6). */ - if (conn->sslsni && conn->sslsni[0]) + if (conn->sslsni && conn->sslsni[0] == '1') { const char *host = conn->connhost[conn->whichhost].host; |