Don't bother to request SSL connection over a Unix socket, since the

postmaster won't accept the request anyway.  (If your kernel can't
be trusted, SSL will not help you.)

diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index 28eced2e9b0a9761e26fde3bf708e228db60cf23..772e54b8dbaf177d3be14035ee7486f831af090d 100644 (file)
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.181 2001/11/11 02:09:05 tgl Exp $
+ *       $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.182 2002/03/02 00:49:22 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -309,7 +309,8 @@ PQconnectStart(const char *conninfo)
        conn->pgpass = tmp ? strdup(tmp) : NULL;
 #ifdef USE_SSL
        tmp = conninfo_getval(connOptions, "requiressl");
-       conn->require_ssl = tmp ? (tmp[0] == '1' ? true : false) : false;
+       if (tmp && tmp[0] == '1')
+               conn->require_ssl = true;
 #endif
 
        /*
@@ -504,8 +505,6 @@ PQsetdbLogin(const char *pghost, const char *pgport, const char *pgoptions,
 #ifdef USE_SSL
        if ((tmp = getenv("PGREQUIRESSL")) != NULL)
                conn->require_ssl = (tmp[0] == '1') ? true : false;
-       else
-               conn->require_ssl = 0;
 #endif
 
        if (error)
@@ -871,6 +870,11 @@ connectDBStart(PGconn *conn)
        {
                UNIXSOCK_PATH(conn->raddr.un, portno, conn->pgunixsocket);
                conn->raddr_len = UNIXSOCK_LEN(conn->raddr.un);
+#ifdef USE_SSL
+               /* Don't bother requesting SSL over a Unix socket */
+               conn->allow_ssl_try = false;
+               conn->require_ssl = false;
+#endif
        }
 #endif