◆ pq_verify_peer_name_matches_certificate()
bool pq_verify_peer_name_matches_certificate(PGconn *conn)
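Definition at line 258 of file fe-secure-common.c. The listing below is an excerpt: the leading numbers are source line numbers, and the lines between them are not shown.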
262 int names_examined = 0;
263 char *first_name = NULL;
273 if (!(host && host[0] !=
'\0'))
276 libpq_gettext(
"host name must be specified for a verified SSL connection\n"));
290 if (names_examined > 1)
293 libpq_ngettext(
"server certificate for \"%s\" (and %d other name) does not match host name \"%s\"\n",
294 "server certificate for \"%s\" (and %d other names) does not match host name \"%s\"\n",
296 first_name, names_examined - 1, host);
298 else if (names_examined == 1)
301 libpq_gettext(
"server certificate for \"%s\" does not match host name \"%s\"\n"),
307 libpq_gettext(
"could not get server's host name from server certificate\n"));
int pgtls_verify_peer_name_matches_certificate_guts(PGconn *conn, int *names_examined, char **first_name)
#define libpq_ngettext(s, p, n)
void appendPQExpBuffer(PQExpBuffer str, const char *fmt,...)
void appendPQExpBufferStr(PQExpBuffer str, const char *data)
PQExpBufferData errorMessage
References appendPQExpBuffer(), appendPQExpBufferStr(), conn, pg_conn::connhost, pg_conn::errorMessage, free, pg_conn_host::host, libpq_gettext, libpq_ngettext, pgtls_verify_peer_name_matches_certificate_guts(), pg_conn::sslmode, and pg_conn::whichhost.
Referenced by open_client_SSL().
◆ pq_verify_peer_name_matches_certificate_ip()
int pq_verify_peer_name_matches_certificate_ip(PGconn *conn, const unsigned char *addrdata, size_t addrlen, char **store_name)
Definition at line 160 of file fe-secure-common.c.
169 char tmp[
sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"];
174 if (!(host && host[0] !=
'\0'))
202 if (memcmp(ipdata, &addr.s_addr, iplen) == 0)
211 #ifdef HAVE_INET_PTON
212 else if (iplen == 16)
215 struct in6_addr addr;
219 if (inet_pton(AF_INET6, host, &addr) == 1)
221 if (memcmp(ipdata, &addr.s6_addr, iplen) == 0)
233 libpq_gettext(
"certificate contains IP address with invalid length %lu\n"),
234 (
unsigned long) iplen);
243 libpq_gettext(
"could not convert certificate's IP address to string: %s\n"),
248 *store_name = strdup(addrstr);
#define PG_STRERROR_R_BUFLEN
char * pg_inet_net_ntop(int af, const void *src, int bits, char *dst, size_t size)
int inet_aton(const char *cp, struct in_addr *addr)
References appendPQExpBuffer(), appendPQExpBufferStr(), conn, pg_conn::connhost, pg_conn::errorMessage, pg_conn_host::host, inet_aton(), libpq_gettext, pg_inet_net_ntop(), PG_STRERROR_R_BUFLEN, strerror_r, and pg_conn::whichhost.
Referenced by openssl_verify_peer_name_matches_certificate_ip().
◆ pq_verify_peer_name_matches_certificate_name()
int pq_verify_peer_name_matches_certificate_name(PGconn *conn, const char *namedata, size_t namelen, char **store_name)
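Definition at line 87 of file fe-secure-common.c. In the excerpt below (leading numbers are source line numbers; intervening lines are not shown), the certificate name is copied and NUL-terminated, and the `namelen != strlen(name)` comparison at line 122 is what rejects a name containing an embedded null byte.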
97 if (!(host && host[0] !=
'\0'))
115 memcpy(
name, namedata, namelen);
116 name[namelen] =
'\0';
122 if (namelen != strlen(
name))
126 libpq_gettext(
"SSL certificate's name contains embedded null\n"));
static bool wildcard_certificate_match(const char *pattern, const char *string)
int pg_strcasecmp(const char *s1, const char *s2)
References appendPQExpBufferStr(), conn, pg_conn::connhost, pg_conn::errorMessage, free, pg_conn_host::host, libpq_gettext, malloc, name, pg_strcasecmp(), pg_conn::whichhost, and wildcard_certificate_match().
Referenced by openssl_verify_peer_name_matches_certificate_name().