From 78ab803402623cea42d6b68e084cbee03f3cd49d Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Sat, 2 Mar 2002 00:49:22 +0000 Subject: [PATCH] Don't bother to request SSL connection over a Unix socket, since the postmaster won't accept the request anyway. (If your kernel can't be trusted, SSL will not help you.) --- src/interfaces/libpq/fe-connect.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index 28eced2e9b..772e54b8db 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.181 2001/11/11 02:09:05 tgl Exp $ + * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.182 2002/03/02 00:49:22 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -309,7 +309,8 @@ PQconnectStart(const char *conninfo) conn->pgpass = tmp ? strdup(tmp) : NULL; #ifdef USE_SSL tmp = conninfo_getval(connOptions, "requiressl"); - conn->require_ssl = tmp ? (tmp[0] == '1' ? true : false) : false; + if (tmp && tmp[0] == '1') + conn->require_ssl = true; #endif /* @@ -504,8 +505,6 @@ PQsetdbLogin(const char *pghost, const char *pgport, const char *pgoptions, #ifdef USE_SSL if ((tmp = getenv("PGREQUIRESSL")) != NULL) conn->require_ssl = (tmp[0] == '1') ? true : false; - else - conn->require_ssl = 0; #endif if (error) @@ -871,6 +870,11 @@ connectDBStart(PGconn *conn) { UNIXSOCK_PATH(conn->raddr.un, portno, conn->pgunixsocket); conn->raddr_len = UNIXSOCK_LEN(conn->raddr.un); +#ifdef USE_SSL + /* Don't bother requesting SSL over a Unix socket */ + conn->allow_ssl_try = false; + conn->require_ssl = false; +#endif } #endif -- 2.40.0