From 98efa76fe313f62f84b94cd1f46c913c221b41fe Mon Sep 17 00:00:00 2001 From: Peter Eisentraut Date: Tue, 26 Jun 2018 10:19:35 +0200 Subject: [PATCH] Add ssl_library preset parameter This allows querying the SSL implementation used on the server side. It's analogous to using PQsslAttribute(conn, "library") in libpq. Reviewed-by: Daniel Gustafsson --- doc/src/sgml/config.sgml | 16 ++++++++++++++++ src/backend/libpq/be-secure.c | 1 + src/backend/utils/misc/guc.c | 15 +++++++++++++++ src/include/libpq/libpq.h | 1 + src/test/ssl/t/001_ssltests.pl | 7 ++++++- 5 files changed, 39 insertions(+), 1 deletion(-) diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index 4d48d93305..bee4afbe4e 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -8401,6 +8401,22 @@ dynamic_library_path = 'C:\tools\postgresql;H:\my_project\lib;$libdir' + + ssl_library (string) + + ssl_library configuration parameter + + + + + Reports the name of the SSL library that this PostgreSQL server was + built with (even if SSL is not currently configured or in use on this + instance), for example OpenSSL, or an empty string + if none. + + + + wal_block_size (integer) diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c index edfe2c0751..d349d7c2c7 100644 --- a/src/backend/libpq/be-secure.c +++ b/src/backend/libpq/be-secure.c @@ -38,6 +38,7 @@ #include "storage/proc.h" +char *ssl_library; char *ssl_cert_file; char *ssl_key_file; char *ssl_ca_file; diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index c123de1a59..c5ba149996 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -3723,6 +3723,21 @@ static struct config_string ConfigureNamesString[] = check_canonical_path, NULL, NULL }, + { + {"ssl_library", PGC_INTERNAL, PRESET_OPTIONS, + gettext_noop("Name of the SSL library."), + NULL, + GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE + }, + &ssl_library, +#ifdef USE_SSL + "OpenSSL", +#else + "", +#endif + NULL, NULL, NULL + }, + { {"ssl_cert_file", PGC_SIGHUP, CONN_AUTH_SSL, gettext_noop("Location of the SSL server certificate file."), diff --git a/src/include/libpq/libpq.h b/src/include/libpq/libpq.h index 7bf06c65e9..36baf6b919 100644 --- a/src/include/libpq/libpq.h +++ b/src/include/libpq/libpq.h @@ -75,6 +75,7 @@ extern int pq_putbytes(const char *s, size_t len); /* * prototypes for functions in be-secure.c */ +extern char *ssl_library; extern char *ssl_cert_file; extern char *ssl_key_file; extern char *ssl_ca_file; diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl index e550207454..2b875a3c95 100644 --- a/src/test/ssl/t/001_ssltests.pl +++ b/src/test/ssl/t/001_ssltests.pl @@ -8,7 +8,7 @@ use File::Copy; if ($ENV{with_openssl} eq 'yes') { - plan tests => 64; + plan tests => 65; } else { @@ -49,6 +49,11 @@ $node->init; $ENV{PGHOST} = $node->host; $ENV{PGPORT} = $node->port; $node->start; + +# Run this before we lock down access below. +my $result = $node->safe_psql('postgres', "SHOW ssl_library"); +is($result, 'OpenSSL', 'ssl_library parameter'); + configure_test_server_for_ssl($node, $SERVERHOSTADDR, 'trust'); note "testing password-protected keys"; -- 2.40.0