Make Port->ssl_in_use available, even when built with !USE_SSL

Code that check the flag no longer need #ifdef's, which is more convenient.
In particular, makes it easier to write extensions that depend on it.

In the passing, modify sslinfo's ssl_is_used function to check ssl_in_use
instead of the OpenSSL specific 'ssl' pointer. It doesn't make any
difference currently, as sslinfo is only compiled when built with OpenSSL,
but seems cleaner anyway.

diff --git a/contrib/sslinfo/sslinfo.c b/contrib/sslinfo/sslinfo.c
index 641c3f0c845641f3dcc31e0bf4b9b7f765d97b96..da201bde33205dcc93a340a105fddc20ca968db9 100644 (file)
--- a/contrib/sslinfo/sslinfo.c
+++ b/contrib/sslinfo/sslinfo.c
@@ -35,7 +35,7 @@ PG_FUNCTION_INFO_V1(ssl_is_used);
 Datum
 ssl_is_used(PG_FUNCTION_ARGS)
 {
-       PG_RETURN_BOOL(MyProcPort->ssl != NULL);
+       PG_RETURN_BOOL(MyProcPort->ssl_in_use);
 }
 
 

diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index 84da823ffab782fbaed1afd47d78a41f976e5f44..800dcd998087582014468e71ce9c401a074c61c7 100644 (file)
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -925,15 +925,13 @@ parse_hba_line(List *line, int line_num, char *raw_line)
                        return NULL;
 #endif
                }
-#ifdef USE_SSL
                else if (token->string[4] == 'n')               /* "hostnossl" */
                {
                        parsedline->conntype = ctHostNoSSL;
                }
-#endif
                else
                {
-                       /* "host", or "hostnossl" and SSL support not built in */
+                       /* "host" */
                        parsedline->conntype = ctHost;
                }
        }                                                       /* record type */
@@ -1684,7 +1682,6 @@ check_hba(hbaPort *port)
                                continue;
 
                        /* Check SSL state */
-#ifdef USE_SSL
                        if (port->ssl_in_use)
                        {
                                /* Connection is SSL, match both "host" and "hostssl" */
@@ -1697,11 +1694,6 @@ check_hba(hbaPort *port)
                                if (hba->conntype == ctHostSSL)
                                        continue;
                        }
-#else
-                       /* No SSL support, so reject "hostssl" lines */
-                       if (hba->conntype == ctHostSSL)
-                               continue;
-#endif
 
                        /* Check IP address */
                        switch (hba->ip_cmp_method)

diff --git a/src/include/libpq/libpq-be.h b/src/include/libpq/libpq-be.h
index 34e52e44b0c83c6e847203e0f89e94e3e69478ce..e81f077f98f12909e4219855f65e31df1cc0e79f 100644 (file)
--- a/src/include/libpq/libpq-be.h
+++ b/src/include/libpq/libpq-be.h
@@ -184,14 +184,16 @@ typedef struct Port
 #endif
 
        /*
-        * SSL structures (keep these last so that the locations of other fields
-        * are the same whether or not you build with SSL)
+        * SSL structures.
         */
-#ifdef USE_SSL
        bool            ssl_in_use;
        char       *peer_cn;
        bool            peer_cert_valid;
-#endif
+
+       /*
+        * OpenSSL structures. (Keep these last so that the locations of other
+        * fields are the same whether or not you build with OpenSSL.)
+        */
 #ifdef USE_OPENSSL
        SSL                *ssl;
        X509       *peer;