#include "postgres_fe.h"
#include <signal.h>
#include <fcntl.h>
#include <ctype.h>
#include "libpq-fe.h"
#include "fe-auth.h"
#include "fe-secure-common.h"
#include "libpq-int.h"
#include <sys/socket.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <sys/stat.h>
#include <pthread.h>
#include "common/openssl.h"
#include <openssl/conf.h>
#include <openssl/x509v3.h>
Macros
#define SSL_ERR_LEN 128
Functions
static int verify_cb(int ok, X509_STORE_CTX *ctx)
static int openssl_verify_peer_name_matches_certificate_name(PGconn *conn, ASN1_STRING *name_entry, char **store_name)
static int openssl_verify_peer_name_matches_certificate_ip(PGconn *conn, ASN1_OCTET_STRING *addr_entry, char **store_name)
static int initialize_SSL(PGconn *conn)
static PostgresPollingStatusType open_client_SSL(PGconn *conn)
static char *SSLerrmessage(unsigned long ecode)
static void SSLerrfree(char *buf)
static int PQssl_passwd_cb(char *buf, int size, int rwflag, void *userdata)
static int pgconn_bio_read(BIO *h, char *buf, int size)
static int pgconn_bio_write(BIO *h, const char *buf, int size)
static BIO_METHOD *pgconn_bio_method(void)
static int ssl_set_pgconn_bio(PGconn *conn)
static int ssl_protocol_version_to_openssl(const char *protocol)
PostgresPollingStatusType pgtls_open_client(PGconn *conn)
ssize_t pgtls_read(PGconn *conn, void *ptr, size_t len)
bool pgtls_read_pending(PGconn *conn)
ssize_t pgtls_write(PGconn *conn, const void *ptr, size_t len)
char *pgtls_get_peer_certificate_hash(PGconn *conn, size_t *len)
static bool is_ip_address(const char *host)
int pgtls_verify_peer_name_matches_certificate_guts(PGconn *conn, int *names_examined, char **first_name)
void pgtls_close(PGconn *conn)
void *PQgetssl(PGconn *conn)
void *PQsslStruct(PGconn *conn, const char *struct_name)
const char *const *PQsslAttributeNames(PGconn *conn)
const char *PQsslAttribute(PGconn *conn, const char *attribute_name)
static long pgconn_bio_ctrl(BIO *h, int cmd, long num, void *ptr)
int PQdefaultSSLKeyPassHook_OpenSSL(char *buf, int size, PGconn *conn)
PQsslKeyPassHook_OpenSSL_type PQgetSSLKeyPassHook_OpenSSL(void)
void PQsetSSLKeyPassHook_OpenSSL(PQsslKeyPassHook_OpenSSL_type hook)
Variables
static pthread_mutex_t ssl_config_mutex = PTHREAD_MUTEX_INITIALIZER
static PQsslKeyPassHook_OpenSSL_type PQsslKeyPassHook = NULL
static unsigned char alpn_protos[] = PG_ALPN_PROTOCOL_VECTOR
static char ssl_nomem[] = "out of memory allocating error description"
static BIO_METHOD *pgconn_bio_method_ptr
#define SSL_ERR_LEN 128
Definition at line 1489 of file fe-secure-openssl.c.
static int initialize_SSL(PGconn *conn)
Definition at line 694 of file fe-secure-openssl.c.
References alpn_protos, buf, conn, pg_conn::connhost, err(), free, pg_conn_host::host, libpq_append_conn_error(), MAXPGPATH, PG_STRERROR_R_BUFLEN, pqGetHomeDirectory(), PQssl_passwd_cb(), PQsslKeyPassHook, S_IRWXG, S_IRWXO, S_ISREG, S_IWGRP, S_IXGRP, snprintf, SSL_context, pg_conn::ssl_in_use, pg_conn::ssl_max_protocol_version, pg_conn::ssl_min_protocol_version, ssl_protocol_version_to_openssl(), ssl_set_pgconn_bio(), pg_conn::sslcert, pg_conn::sslcertmode, pg_conn::sslcompression, pg_conn::sslcrl, pg_conn::sslcrldir, SSLerrfree(), SSLerrmessage(), pg_conn::sslkey, pg_conn::sslmode, pg_conn::sslpassword, pg_conn::sslrootcert, pg_conn::sslsni, stat, strerror_r, strlcpy(), verify_cb(), and pg_conn::whichhost.
Referenced by pgtls_open_client().
static bool is_ip_address(const char *host)
Definition at line 523 of file fe-secure-openssl.c.
References inet_aton().
Referenced by pgtls_verify_peer_name_matches_certificate_guts().
static PostgresPollingStatusType open_client_SSL(PGconn *conn)
Definition at line 1276 of file fe-secure-openssl.c.
References conn, pg_conn::current_enc_method, ENC_SSL, err(), len, libpq_append_conn_error(), PG_ALPN_PROTOCOL, PG_STRERROR_R_BUFLEN, PGRES_POLLING_FAILED, PGRES_POLLING_OK, PGRES_POLLING_READING, PGRES_POLLING_WRITING, pgtls_close(), pq_verify_peer_name_matches_certificate(), SOCK_ERRNO, SOCK_ERRNO_SET, SOCK_STRERROR, pg_conn::ssl_max_protocol_version, pg_conn::ssl_min_protocol_version, SSLerrfree(), SSLerrmessage(), pg_conn::sslnegotiation, and pg_conn::sslrootcert.
Referenced by pgtls_open_client().
static int openssl_verify_peer_name_matches_certificate_ip(PGconn *conn, ASN1_OCTET_STRING *addr_entry, char **store_name)
Definition at line 498 of file fe-secure-openssl.c.
References conn, len, libpq_append_conn_error(), and pq_verify_peer_name_matches_certificate_ip().
Referenced by pgtls_verify_peer_name_matches_certificate_guts().
static int openssl_verify_peer_name_matches_certificate_name(PGconn *conn, ASN1_STRING *name_entry, char **store_name)
Definition at line 469 of file fe-secure-openssl.c.
References conn, len, libpq_append_conn_error(), and pq_verify_peer_name_matches_certificate_name().
Referenced by pgtls_verify_peer_name_matches_certificate_guts().
static long pgconn_bio_ctrl(BIO *h, int cmd, long num, void *ptr)
Definition at line 1741 of file fe-secure-openssl.c.
References conn, and pg_conn::last_read_was_eof.
Referenced by pgconn_bio_method().
static BIO_METHOD *pgconn_bio_method(void)
Definition at line 1771 of file fe-secure-openssl.c.
References err(), pgconn_bio_ctrl(), pgconn_bio_method_ptr, pgconn_bio_read(), pgconn_bio_write(), pthread_mutex_lock(), pthread_mutex_unlock(), and ssl_config_mutex.
Referenced by ssl_set_pgconn_bio().
static int pgconn_bio_read(BIO *h, char *buf, int size)
Definition at line 1676 of file fe-secure-openssl.c.
References buf, conn, EAGAIN, EINTR, EWOULDBLOCK, pg_conn::last_read_was_eof, pqsecure_raw_read(), SOCK_ERRNO, and pg_conn::ssl_handshake_started.
Referenced by pgconn_bio_method().
static int pgconn_bio_write(BIO *h, const char *buf, int size)
Definition at line 1711 of file fe-secure-openssl.c.
References buf, EAGAIN, EINTR, EWOULDBLOCK, pqsecure_raw_write(), and SOCK_ERRNO.
Referenced by pgconn_bio_method().
void pgtls_close(PGconn *conn)
Definition at line 1440 of file fe-secure-openssl.c.
References conn, pg_conn::ssl_handshake_started, and pg_conn::ssl_in_use.
Referenced by open_client_SSL(), pgtls_open_client(), and pqsecure_close().
char *pgtls_get_peer_certificate_hash(PGconn *conn, size_t *len)
Definition at line 339 of file fe-secure-openssl.c.
References conn, hash(), len, libpq_append_conn_error(), and malloc.
Referenced by build_client_final_message().
PostgresPollingStatusType pgtls_open_client(PGconn *conn)
Definition at line 95 of file fe-secure-openssl.c.
References conn, initialize_SSL(), open_client_SSL(), PGRES_POLLING_FAILED, and pgtls_close().
Referenced by pqsecure_open_client().
ssize_t pgtls_read(PGconn *conn, void *ptr, size_t len)
Definition at line 117 of file fe-secure-openssl.c.
References appendPQExpBufferStr(), conn, ECONNRESET, err(), pg_conn::errorMessage, len, libpq_append_conn_error(), PG_STRERROR_R_BUFLEN, SOCK_ERRNO, SOCK_ERRNO_SET, SOCK_STRERROR, SSLerrfree(), and SSLerrmessage().
Referenced by pqsecure_read().
bool pgtls_read_pending(PGconn *conn)
int pgtls_verify_peer_name_matches_certificate_guts(PGconn *conn, int *names_examined, char **first_name)
Definition at line 543 of file fe-secure-openssl.c.
References Assert(), conn, pg_conn::connhost, free, pg_conn_host::host, i, is_ip_address(), name, openssl_verify_peer_name_matches_certificate_ip(), openssl_verify_peer_name_matches_certificate_name(), and pg_conn::whichhost.
Referenced by pq_verify_peer_name_matches_certificate().
ssize_t pgtls_write(PGconn *conn, const void *ptr, size_t len)
Definition at line 239 of file fe-secure-openssl.c.
References appendPQExpBufferStr(), conn, ECONNRESET, err(), pg_conn::errorMessage, len, libpq_append_conn_error(), PG_STRERROR_R_BUFLEN, SOCK_ERRNO, SOCK_ERRNO_SET, SOCK_STRERROR, SSLerrfree(), and SSLerrmessage().
Referenced by pqsecure_write().
int PQdefaultSSLKeyPassHook_OpenSSL(char *buf, int size, PGconn *conn)
Definition at line 1842 of file fe-secure-openssl.c.
References buf, conn, fprintf, libpq_gettext, and pg_conn::sslpassword.
Referenced by PQssl_passwd_cb().
void *PQgetssl(PGconn *conn)
Definition at line 1564 of file fe-secure-openssl.c.
References conn.
PQsslKeyPassHook_OpenSSL_type PQgetSSLKeyPassHook_OpenSSL(void)
Definition at line 1860 of file fe-secure-openssl.c.
References PQsslKeyPassHook.
void PQsetSSLKeyPassHook_OpenSSL(PQsslKeyPassHook_OpenSSL_type hook)
Definition at line 1866 of file fe-secure-openssl.c.
References PQsslKeyPassHook.
static int PQssl_passwd_cb(char *buf, int size, int rwflag, void *userdata)
Definition at line 1877 of file fe-secure-openssl.c.
References buf, conn, PQdefaultSSLKeyPassHook_OpenSSL(), and PQsslKeyPassHook.
Referenced by initialize_SSL().
const char *PQsslAttribute(PGconn *conn, const char *attribute_name)
Definition at line 1609 of file fe-secure-openssl.c.
References conn, data, len, and snprintf.
Referenced by exec_command_conninfo(), print_ssl_library(), and printSSLInfo().
const char *const *PQsslAttributeNames(PGconn *conn)
Definition at line 1582 of file fe-secure-openssl.c.
References conn.
void *PQsslStruct(PGconn *conn, const char *struct_name)
Definition at line 1572 of file fe-secure-openssl.c.
References conn.
static int ssl_protocol_version_to_openssl(const char *protocol)
Definition at line 1898 of file fe-secure-openssl.c.
References pg_strcasecmp().
Referenced by initialize_SSL().
static int ssl_set_pgconn_bio(PGconn *conn)
Definition at line 1816 of file fe-secure-openssl.c.
References conn, and pgconn_bio_method().
Referenced by initialize_SSL().
static void SSLerrfree(char *buf)
Definition at line 1550 of file fe-secure-openssl.c.
References buf, free, and ssl_nomem.
Referenced by initialize_SSL(), open_client_SSL(), pgtls_read(), and pgtls_write().
static char *SSLerrmessage(unsigned long ecode)
Definition at line 1492 of file fe-secure-openssl.c.
References libpq_gettext, malloc, snprintf, SSL_ERR_LEN, ssl_nomem, strerror_r, and strlcpy().
Referenced by initialize_SSL(), open_client_SSL(), pgtls_read(), and pgtls_write().
static int verify_cb(int ok, X509_STORE_CTX *ctx)
Definition at line 429 of file fe-secure-openssl.c.
Referenced by initialize_SSL().
static unsigned char alpn_protos[] = PG_ALPN_PROTOCOL_VECTOR
Definition at line 685 of file fe-secure-openssl.c.
Referenced by initialize_SSL().
static BIO_METHOD *pgconn_bio_method_ptr
Definition at line 1673 of file fe-secure-openssl.c.
Referenced by pgconn_bio_method().
static PQsslKeyPassHook_OpenSSL_type PQsslKeyPassHook = NULL
Definition at line 87 of file fe-secure-openssl.c.
Referenced by initialize_SSL(), PQgetSSLKeyPassHook_OpenSSL(), PQsetSSLKeyPassHook_OpenSSL(), and PQssl_passwd_cb().
static pthread_mutex_t ssl_config_mutex = PTHREAD_MUTEX_INITIALIZER
Definition at line 85 of file fe-secure-openssl.c.
Referenced by pgconn_bio_method().
static char ssl_nomem[] = "out of memory allocating error description"
Definition at line 1487 of file fe-secure-openssl.c.
Referenced by SSLerrfree(), and SSLerrmessage().