From: Daniel Gustafsson
Content-Type: multipart/mixed; boundary="Apple-Mail=_635A48C9-0F56-476C-A5D5-302AA85D4B8E"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
Subject: SSL connection check
Message-Id: <0A5ECAFA-DDF5-4B82-9A90-83F948EADC80@yesql.se>
Date: Wed, 17 Feb 2021 11:38:45 +0100
To: pgsql-odbc@postgresql.org

--Apple-Mail=_635A48C9-0F56-476C-A5D5-302AA85D4B8E
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii

PgDtc_is_recovery_available uses PQgetssl() to check if SSL was used for
the connection. PQgetssl() is discouraged since it is hardcoded to the
OpenSSL implementation and may fail to identify an SSL connection in case
another TLS backend is added to postgres (a few alternatives have already
been discussed on -hackers).

The attached changes this to use PQsslInUse() to perform the check, and
removes a comment which seemed out of place with this (unless I totally
misunderstood it). PQsslInUse has been available since 9.5; to cope with
older libpq versions, an autoconf check is added for falling back on
PQgetssl in 9.4 through to 9.2.

-- Daniel Gustafsson https://vmware.com/ --Apple-Mail=_635A48C9-0F56-476C-A5D5-302AA85D4B8E Content-Disposition: attachment; filename=pqgetssl.patch Content-Type: application/octet-stream; x-unix-mode=0644; name="pqgetssl.patch" Content-Transfer-Encoding: quoted-printable =46rom=20e79f22f2f76bf92ec8290fd8786f471287e03ede=20Mon=20Sep=2017=20= 00:00:00=202001=0AFrom:=20Daniel=20Gustafsson=20=0A= Date:=20Tue,=2016=20Feb=202021=2016:01:08=20+0100=0ASubject:=20[PATCH]=20= Refactor=20check=20for=20SSL=20connection=0A=0APQgetssl=20has=20been=20= discouraged=20from=20use=20since=20postgres=209.5=20since=20it=0Awill=20= risk=20false=20negatives=20if=20postgres=20supports=20other=20TLS=20= libraries=0Athan=20OpenSSL.=20Refactor=20to=20use=20PQsslInUse=20which=20= has=20been=20available=0Asince=209.5=20for=20just=20this=20purpose.=0A= ---=0A=20configure.ac=20|=202=20++=0A=20connection.c=20|=205=20++++-=0A=20= 2=20files=20changed,=206=20insertions(+),=201=20deletion(-)=0A=0Adiff=20= --git=20a/configure.ac=20b/configure.ac=0Aindex=208453a29..090972a=20= 100644=0A---=20a/configure.ac=0A+++=20b/configure.ac=0A@@=20-258,6=20= +258,8=20@@=20AC_C_CONST=0A=20AC_FUNC_STRERROR_R=0A=20= AC_CHECK_FUNCS(strtoul=20strtoll=20strlcat=20mbstowcs=20wcstombs=20= mbrtoc16=20c16rtomb)=0A=20=0A+AC_CHECK_FUNCS(PQsslInUse)=0A+=0A=20if=20= test=20"$enable_pthreads"=20=3D=20yes;=20then=0A=20=20=20= AC_CHECK_FUNCS(localtime_r=20strtok_r=20pthread_mutexattr_settype)=0A=20=0A= diff=20--git=20a/connection.c=20b/connection.c=0Aindex=20= 070e043..02794ff=20100644=0A---=20a/connection.c=0A+++=20b/connection.c=0A= @@=20-3263,10=20+3263,13=20@@=20DLL_DECLARE=20int=20= PgDtc_is_recovery_available(void=20*self,=20char=20*reason,=20int=20= rsize)=0A=20=09/*=0A=20=09=20*=20Did=20we=20use=20SSL=20client=20= certificate,=20SSPI,=20Kerberos=20or=20similar=0A=20=09=20*=20= authentication=20methods?=0A-=09=20*=20There=20seems=20no=20way=20to=20= check=20it=20directly.=0A=20=09=20*/=0A=20=09doubtCert=20=3D=20FALSE;=0A= 
+#ifdef=20HAVE_PQSSLINUSE=0A+=09if=20(PQsslInUse(conn->pqconn))=0A+#else=0A= =20=09if=20(PQgetssl(conn->pqconn)=20!=3D=20NULL)=0A+#endif=0A=20=09=09= doubtCert=20=3D=20TRUE;=0A=20=0A=20=09nameSize=20=3D=20= sizeof(loginUser);=0A--=20=0A2.21.1=20(Apple=20Git-122.3)=0A=0A= --Apple-Mail=_635A48C9-0F56-476C-A5D5-302AA85D4B8E--
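
Review bot: In the configure.ac hunk, AC_CHECK_FUNCS(PQsslInUse) is a link test, so it only finds the symbol if libpq is already in LIBS at that point in the script, and the visible context does not show that it is. If it is not, HAVE_PQSSLINUSE is never defined and every build silently takes the PQgetssl fallback. Please confirm the libpq link flags are set before this line, or move the check after them. Builds that do not go through configure will also need HAVE_PQSSLINUSE defined some other way to get the new code path.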
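
Review bot: In the connection.c hunk, the removed comment line "There seems no way to check it directly." still looks accurate after the change. PQsslInUse() reports whether the connection uses SSL, not whether a client certificate, SSPI or Kerberos was used, so doubtCert remains an indirect guess. Suggest keeping the line, or rewording it to say that SSL being in use is taken as a hint that certificate authentication may be involved. The #else branch would also benefit from a one-line comment saying the PQgetssl() != NULL test remains only for libpq older than 9.5.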