From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Fri, 12 May 2006 22:44:58 +0000 (+0000)
Subject: Fix the sense of the test on DH_check()'s return value.  This was preventing
X-Git-Tag: REL7_4_13~8
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c5c3d8c6dbd4eaa04daf471fce48a3ca06ae5dc1;p=postgresql

Fix the sense of the test on DH_check()'s return value.  This was preventing
custom-generated DH parameters from actually being used by the server.
Found by Michael Fuhr.
---

diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c
index bb99ab5016..0ee0bc1c82 100644
--- a/src/backend/libpq/be-secure.c
+++ b/src/backend/libpq/be-secure.c
@@ -11,7 +11,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.43.2.2 2005/06/02 21:04:07 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.43.2.3 2006/05/12 22:44:58 tgl Exp $
  *
  *	  Since the server static private key ($DataDir/server.key)
  *	  will normally be stored unencrypted so that the database
@@ -505,7 +505,7 @@ load_dh_file(int keylength)
 	/* make sure the DH parameters are usable */
 	if (dh != NULL)
 	{
-		if (DH_check(dh, &codes))
+		if (DH_check(dh, &codes) == 0)
 		{
 			elog(LOG, "DH_check error (%s): %s", fnbuf, SSLerrmessage());
 			return NULL;