| author | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2014-08-11 11:54:19 +0300 |
|---|---|---|
| committer | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2014-08-11 11:54:19 +0300 |
| commit | 680513ab79c7e12e402a2aad7921b95a25a4bcc8 (patch) | |
| tree | c2a5b1debb5599ae4a3522be921a78a6f1cf35c3 /src/include/libpq | |
| parent | 6aa61580e08d58909b2a8845a4087b7699335ee0 (diff) | |
| download | postgresql-680513ab79c7e12e402a2aad7921b95a25a4bcc8.tar.gz | |
Break out OpenSSL-specific code to separate files.
This refactoring is in preparation for adding support for other SSL
implementations, with no user-visible effects. There are now two #defines,
USE_OPENSSL which is defined when building with OpenSSL, and USE_SSL which
is defined when building with any SSL implementation. Currently, OpenSSL is
the only implementation so the two #defines go together, but USE_SSL is
supposed to be used for implementation-independent code.
The libpq SSL code is changed to use a custom BIO, which does all the raw
I/O, like we've been doing in the backend for a long time. That makes it
possible to use MSG_NOSIGNAL to block SIGPIPE when using SSL, which avoids
a couple of syscalls for each send(). Probably doesn't make much performance
difference in practice - the SSL encryption is expensive enough to mask the
effect - but it was a natural result of this refactoring.
Based on a patch by Martijn van Oosterhout from 2006. Briefly reviewed by
Alvaro Herrera, Andreas Karlsson, Jeff Janes.
Diffstat (limited to 'src/include/libpq')
| -rw-r--r-- | src/include/libpq/libpq-be.h | 24 | ||||
| -rw-r--r-- | src/include/libpq/libpq.h | 9 |
2 files changed, 29 insertions, 4 deletions
diff --git a/src/include/libpq/libpq-be.h b/src/include/libpq/libpq-be.h
index e78c565b1e..34e52e44b0 100644
--- a/src/include/libpq/libpq-be.h
+++ b/src/include/libpq/libpq-be.h
@@ -21,7 +21,7 @@
 #ifdef HAVE_SYS_TIME_H
 #include <sys/time.h>
 #endif
-#ifdef USE_SSL
+#ifdef USE_OPENSSL
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #endif
@@ -184,17 +184,33 @@ typedef struct Port
 #endif
 /*
- * SSL structures (keep these last so that USE_SSL doesn't affect
- * locations of other fields)
+ * SSL structures (keep these last so that the locations of other fields
+ * are the same whether or not you build with SSL)
 */
 #ifdef USE_SSL
+ bool ssl_in_use;
+ char *peer_cn;
+ bool peer_cert_valid;
+#endif
+#ifdef USE_OPENSSL
 SSL *ssl;
 X509 *peer;
- char *peer_cn;
 unsigned long count;
 #endif
 } Port;
+#ifdef USE_SSL
+/*
+ * These functions are implemented by the glue code specific to each
+ * SSL implementation (e.g. be-secure-openssl.c)
+ */
+extern void be_tls_init(void);
+extern int be_tls_open_server(Port *port);
+extern void be_tls_close(Port *port);
+extern ssize_t be_tls_read(Port *port, void *ptr, size_t len);
+extern ssize_t be_tls_write(Port *port, void *ptr, size_t len);
+
+#endif
 extern ProtocolVersion FrontendProtocol;
diff --git a/src/include/libpq/libpq.h b/src/include/libpq/libpq.h
index e4e354dafa..5da9d8d4f5 100644
--- a/src/include/libpq/libpq.h
+++ b/src/include/libpq/libpq.h
@@ -82,5 +82,14 @@ extern int secure_open_server(Port *port);
 extern void secure_close(Port *port);
 extern ssize_t secure_read(Port *port, void *ptr, size_t len);
 extern ssize_t secure_write(Port *port, void *ptr, size_t len);
+extern ssize_t secure_raw_read(Port *port, void *ptr, size_t len);
+extern ssize_t secure_raw_write(Port *port, const void *ptr, size_t len);
+
+extern bool ssl_loaded_verify_locations;
+
+/* GUCs */
+extern char *SSLCipherSuites;
+extern char *SSLECDHCurve;
+extern bool SSLPreferServerCiphers;
 #endif /* LIBPQ_H */ |
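Review bot: The new `be_tls_write` prototype in the libpq-be.h hunk takes `void *ptr` although a write never modifies the caller's buffer, while `secure_raw_write` added in the libpq.h hunk takes `const void *ptr`, so the two new write entry points disagree with each other (and with the existing `secure_write` context line there). Declaring it as `extern ssize_t be_tls_write(Port *port, const void *ptr, size_t len);` lets callers pass const data without a cast and keeps the glue interface consistent. The three new `Port` fields under `USE_SSL` carry no comments: from the names, `ssl_in_use` presumably records that TLS has been negotiated on this connection, `peer_cn` the client certificate's CN and `peer_cert_valid` whether that certificate passed verification, but the hunk does not show what sets them, so a one-line comment per field confirmed against be-secure-openssl.c would help, in particular who owns the `peer_cn` string and when it is freed. The `Port` struct begins before this hunk, and the return convention of `be_tls_open_server` (0 on success and -1 on failure is the obvious guess, but it is not stated) belongs in the comment block above the five `be_tls_*` declarations.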
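Review bot: `secure_raw_read` and `secure_raw_write` are declared directly after `secure_read`/`secure_write` with nothing to distinguish them; given the commit message they are presumably the plain-socket I/O beneath the TLS layer, intended for the SSL glue and for traffic before TLS is negotiated, which makes it easy for a later caller to pick the unencrypted pair by mistake once `ssl_in_use` is set. A comment above the pair such as `/* unencrypted socket I/O: for the SSL glue code and pre-TLS traffic only; protocol code must use secure_read/secure_write */` would make that boundary explicit; confirm the intended callers in the backend implementation before settling the wording. The three GUC externs under `/* GUCs */` would likewise benefit from a note naming the file that defines them.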
