Diffstat (limited to 'src/backend/libpq/be-secure-openssl.c')
-rw-r--r--src/backend/libpq/be-secure-openssl.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index fe15227a773..1e3e19f5e02 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -1216,6 +1216,30 @@ be_tls_get_peerdn_name(Port *port, char *ptr, size_t len)
}
/*
+ * Routine to get the expected TLS Finished message information from the
+ * client, useful for authorization when doing channel binding.
+ *
+ * Result is a palloc'd copy of the TLS Finished message with its size.
+ */
+char *
+be_tls_get_peer_finished(Port *port, size_t *len)
+{
+ char dummy[1];
+ char *result;
+
+ /*
+ * OpenSSL does not offer an API to directly get the length of the
+ * expected TLS Finished message, so just do a dummy call to grab this
+ * information to allow caller to do an allocation with a correct size.
+ */
+ *len = SSL_get_peer_finished(port->ssl, dummy, sizeof(dummy));
+ result = palloc(*len);
+ (void) SSL_get_peer_finished(port->ssl, result, *len);
+
+ return result;
+}
+
+/*
* Convert an X509 subject name to a cstring.
*
*/
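Review bot: The new be_tls_get_peer_finished never checks that a Finished message is actually available: SSL_get_peer_finished reports 0 when no handshake has completed, in which case *len is 0 and the function returns a palloc(0) buffer that a channel-binding caller would silently treat as a valid (empty) binding value. A guard before the allocation such as `if (*len == 0) ereport(ERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("could not get peer TLS Finished message")));` makes that condition explicit instead of leaving it to the caller. The header comment should also state ownership, e.g. `Caller is responsible for pfree()ing the result`, and that the data describes the most recently completed handshake on the connection, since the value changes after a renegotiation.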