#include "postgres_fe.h"
#include <signal.h>
#include <fcntl.h>
#include <ctype.h>
#include "libpq-fe.h"
#include "fe-auth.h"
#include "fe-secure-common.h"
#include "libpq-int.h"
#include <sys/socket.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <sys/stat.h>
#include <pthread.h>
#include "common/openssl.h"
#include <openssl/conf.h>
#include <openssl/x509v3.h>
Macros
#define SSL_ERR_LEN 128
Variables
static bool pq_init_ssl_lib = true
static bool pq_init_crypto_lib = true
static bool ssl_lib_initialized = false
static long crypto_open_connections = 0
static pthread_mutex_t ssl_config_mutex = PTHREAD_MUTEX_INITIALIZER
static PQsslKeyPassHook_OpenSSL_type PQsslKeyPassHook = NULL
static unsigned char alpn_protos[] = PG_ALPN_PROTOCOL_VECTOR
static char ssl_nomem[] = "out of memory allocating error description"
static BIO_METHOD *my_bio_methods
#define SSL_ERR_LEN 128
Definition at line 1693 of file fe-secure-openssl.c.
|
static |
Definition at line 855 of file fe-secure-openssl.c.
References crypto_open_connections, pq_init_crypto_lib, pthread_mutex_lock(), pthread_mutex_unlock(), and ssl_config_mutex.
Referenced by pgtls_close().
|
static |
Definition at line 898 of file fe-secure-openssl.c.
References alpn_protos, buf, conn, pg_conn::connhost, err(), free, pg_conn_host::host, libpq_append_conn_error(), MAXPGPATH, my_SSL_set_fd(), PG_STRERROR_R_BUFLEN, pqGetHomeDirectory(), PQssl_passwd_cb(), PQsslKeyPassHook, S_IRWXG, S_IRWXO, S_ISREG, S_IWGRP, S_IXGRP, snprintf, pg_conn::sock, SSL_context, SSL_CTX_set_max_proto_version(), SSL_CTX_set_min_proto_version(), pg_conn::ssl_in_use, pg_conn::ssl_max_protocol_version, pg_conn::ssl_min_protocol_version, ssl_protocol_version_to_openssl(), pg_conn::sslcert, pg_conn::sslcertmode, pg_conn::sslcompression, pg_conn::sslcrl, pg_conn::sslcrldir, SSLerrfree(), SSLerrmessage(), pg_conn::sslkey, pg_conn::sslmode, pg_conn::sslpassword, pg_conn::sslrootcert, pg_conn::sslsni, stat, strerror_r, strlcpy(), verify_cb(), and pg_conn::whichhost.
Referenced by pgtls_open_client().
|
static |
Definition at line 554 of file fe-secure-openssl.c.
References inet_aton().
Referenced by pgtls_verify_peer_name_matches_certificate_guts().
|
static |
Definition at line 1926 of file fe-secure-openssl.c.
References err(), free, malloc, my_bio_methods, my_sock_read(), my_sock_write(), pthread_mutex_lock(), pthread_mutex_unlock(), res, and ssl_config_mutex.
Referenced by my_SSL_set_fd().
|
static |
Definition at line 1862 of file fe-secure-openssl.c.
References buf, conn, EAGAIN, EINTR, EWOULDBLOCK, pqsecure_raw_read(), res, size, SOCK_ERRNO, and pg_conn::ssl_handshake_started.
Referenced by my_BIO_s_socket().
|
static |
Definition at line 1896 of file fe-secure-openssl.c.
References buf, EAGAIN, EINTR, EWOULDBLOCK, pqsecure_raw_write(), res, size, and SOCK_ERRNO.
Referenced by my_BIO_s_socket().
|
static |
Definition at line 1992 of file fe-secure-openssl.c.
References conn, err(), fd(), and my_BIO_s_socket().
Referenced by initialize_SSL().
|
static |
Definition at line 1480 of file fe-secure-openssl.c.
References conn, err(), libpq_append_conn_error(), PG_STRERROR_R_BUFLEN, PGRES_POLLING_FAILED, PGRES_POLLING_OK, PGRES_POLLING_READING, PGRES_POLLING_WRITING, pgtls_close(), pq_verify_peer_name_matches_certificate(), SOCK_ERRNO, SOCK_ERRNO_SET, SOCK_STRERROR, pg_conn::ssl_max_protocol_version, pg_conn::ssl_min_protocol_version, SSLerrfree(), SSLerrmessage(), and pg_conn::sslrootcert.
Referenced by pgtls_open_client().
|
static |
Definition at line 525 of file fe-secure-openssl.c.
References conn, len, libpq_append_conn_error(), and pq_verify_peer_name_matches_certificate_ip().
Referenced by pgtls_verify_peer_name_matches_certificate_guts().
|
static |
Definition at line 492 of file fe-secure-openssl.c.
References conn, len, libpq_append_conn_error(), and pq_verify_peer_name_matches_certificate_name().
Referenced by pgtls_verify_peer_name_matches_certificate_guts().
void pgtls_close(PGconn *conn)
Definition at line 1616 of file fe-secure-openssl.c.
References conn, destroy_ssl_system(), pg_conn::ssl_handshake_started, and pg_conn::ssl_in_use.
Referenced by open_client_SSL(), pgtls_open_client(), and pqsecure_close().
char *pgtls_get_peer_certificate_hash(PGconn *conn, size_t *len)
Definition at line 362 of file fe-secure-openssl.c.
References conn, hash(), len, libpq_append_conn_error(), and malloc.
Referenced by build_client_final_message().
Definition at line 769 of file fe-secure-openssl.c.
References conn, crypto_open_connections, free, i, malloc, pq_init_crypto_lib, pq_init_ssl_lib, pthread_mutex_init(), pthread_mutex_lock(), pthread_mutex_unlock(), ssl_config_mutex, and ssl_lib_initialized.
Referenced by pqsecure_initialize().
void pgtls_init_library(bool do_ssl, int do_crypto)
Definition at line 104 of file fe-secure-openssl.c.
References crypto_open_connections, pq_init_crypto_lib, and pq_init_ssl_lib.
Referenced by PQinitOpenSSL(), and PQinitSSL().
PostgresPollingStatusType pgtls_open_client(PGconn *conn)
Definition at line 118 of file fe-secure-openssl.c.
References conn, initialize_SSL(), open_client_SSL(), PGRES_POLLING_FAILED, and pgtls_close().
Referenced by pqsecure_open_client().
ssize_t pgtls_read(PGconn *conn, void *ptr, size_t len)
Definition at line 140 of file fe-secure-openssl.c.
References appendPQExpBufferStr(), conn, ECONNRESET, err(), pg_conn::errorMessage, len, libpq_append_conn_error(), PG_STRERROR_R_BUFLEN, SOCK_ERRNO, SOCK_ERRNO_SET, SOCK_STRERROR, SSLerrfree(), and SSLerrmessage().
Referenced by pqsecure_read().
int pgtls_verify_peer_name_matches_certificate_guts(PGconn *conn, int *names_examined, char **first_name)
Definition at line 574 of file fe-secure-openssl.c.
References Assert, conn, pg_conn::connhost, free, pg_conn_host::host, i, is_ip_address(), name, openssl_verify_peer_name_matches_certificate_ip(), openssl_verify_peer_name_matches_certificate_name(), and pg_conn::whichhost.
Referenced by pq_verify_peer_name_matches_certificate().
ssize_t pgtls_write(PGconn *conn, const void *ptr, size_t len)
Definition at line 262 of file fe-secure-openssl.c.
References appendPQExpBufferStr(), conn, ECONNRESET, err(), pg_conn::errorMessage, len, libpq_append_conn_error(), PG_STRERROR_R_BUFLEN, SOCK_ERRNO, SOCK_ERRNO_SET, SOCK_STRERROR, SSLerrfree(), and SSLerrmessage().
Referenced by pqsecure_write().
int PQdefaultSSLKeyPassHook_OpenSSL(char *buf, int size, PGconn *conn)
Definition at line 2025 of file fe-secure-openssl.c.
References buf, conn, fprintf, libpq_gettext, size, and pg_conn::sslpassword.
Referenced by PQssl_passwd_cb().
void *PQgetssl(PGconn *conn)
Definition at line 1750 of file fe-secure-openssl.c.
References conn.
PQsslKeyPassHook_OpenSSL_type PQgetSSLKeyPassHook_OpenSSL(void)
Definition at line 2043 of file fe-secure-openssl.c.
References PQsslKeyPassHook.
void PQsetSSLKeyPassHook_OpenSSL(PQsslKeyPassHook_OpenSSL_type hook)
Definition at line 2049 of file fe-secure-openssl.c.
References PQsslKeyPassHook.
|
static |
Definition at line 2060 of file fe-secure-openssl.c.
References buf, conn, PQdefaultSSLKeyPassHook_OpenSSL(), PQsslKeyPassHook, and size.
Referenced by initialize_SSL().
const char *PQsslAttribute(PGconn *conn, const char *attribute_name)
Definition at line 1795 of file fe-secure-openssl.c.
References conn, data, len, and snprintf.
Referenced by print_ssl_library(), and printSSLInfo().
const char *const *PQsslAttributeNames(PGconn *conn)
void *PQsslStruct(PGconn *conn, const char *struct_name)
|
static |
Definition at line 2081 of file fe-secure-openssl.c.
References pg_strcasecmp().
Referenced by initialize_SSL().
|
static |
Definition at line 1736 of file fe-secure-openssl.c.
References buf, free, and ssl_nomem.
Referenced by initialize_SSL(), open_client_SSL(), pgtls_read(), and pgtls_write().
|
static |
Definition at line 1696 of file fe-secure-openssl.c.
References libpq_gettext, malloc, snprintf, SSL_ERR_LEN, ssl_nomem, strerror, and strlcpy().
Referenced by initialize_SSL(), open_client_SSL(), pgtls_read(), and pgtls_write().
|
static |
Definition at line 452 of file fe-secure-openssl.c.
Referenced by initialize_SSL().
|
static |
Definition at line 889 of file fe-secure-openssl.c.
Referenced by initialize_SSL().
|
static |
Definition at line 92 of file fe-secure-openssl.c.
Referenced by destroy_ssl_system(), pgtls_init(), and pgtls_init_library().
|
static |
Definition at line 1859 of file fe-secure-openssl.c.
Referenced by my_BIO_s_socket().
Definition at line 88 of file fe-secure-openssl.c.
Referenced by destroy_ssl_system(), pgtls_init(), and pgtls_init_library().
Definition at line 87 of file fe-secure-openssl.c.
Referenced by pgtls_init(), and pgtls_init_library().
|
static |
Definition at line 96 of file fe-secure-openssl.c.
Referenced by initialize_SSL(), PQgetSSLKeyPassHook_OpenSSL(), PQsetSSLKeyPassHook_OpenSSL(), and PQssl_passwd_cb().
|
static |
Definition at line 94 of file fe-secure-openssl.c.
Referenced by destroy_ssl_system(), my_BIO_s_socket(), and pgtls_init().
Definition at line 90 of file fe-secure-openssl.c.
Referenced by pgtls_init().
|
static |
Definition at line 1691 of file fe-secure-openssl.c.
Referenced by SSLerrfree(), and SSLerrmessage().