mirrors/postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Minor editorialization for be-secure.c: fix comments and some formatting

Browse Source 
infelicities.
This commit is contained in:
Tom Lane 2010-05-26 16:15:57 +00:00
parent c3bf3bf2aa
commit b1993a6108
1 changed files with 25 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
src/backend/libpq/be-secure.c
View File

@ -11,13 +11,13 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.100 2010/05/26 15:52:37 tgl Exp $ * $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.101 2010/05/26 16:15:57 tgl Exp $
* *
* Since the server static private key ($DataDir/server.key) * Since the server static private key ($DataDir/server.key)
* will normally be stored unencrypted so that the database * will normally be stored unencrypted so that the database
* backend can restart automatically, it is important that * backend can restart automatically, it is important that
* we select an algorithm that continues to provide confidentiality * we select an algorithm that continues to provide confidentiality
* even if the attacker has the server's private key. Empheral * even if the attacker has the server's private key. Ephemeral
* DH (EDH) keys provide this, and in fact provide Perfect Forward * DH (EDH) keys provide this, and in fact provide Perfect Forward
* Secrecy (PFS) except for situations where the session can * Secrecy (PFS) except for situations where the session can
* be hijacked during a periodic handshake/renegotiation. * be hijacked during a periodic handshake/renegotiation.
@ -113,7 +113,7 @@ char *SSLCipherSuites = NULL;
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/* /*
* Hardcoded DH parameters, used in empheral DH keying. * Hardcoded DH parameters, used in ephemeral DH keying.
* As discussed above, EDH protects the confidentiality of * As discussed above, EDH protects the confidentiality of
* sessions even if the static private key is compromised, * sessions even if the static private key is compromised,
* so we are *highly* motivated to ensure that we can use * so we are *highly* motivated to ensure that we can use
@ -411,7 +411,6 @@ wloop:
* directly so it gets passed through the socket/signals layer on Win32. * directly so it gets passed through the socket/signals layer on Win32.
* *
* They are closely modelled on the original socket implementations in OpenSSL. * They are closely modelled on the original socket implementations in OpenSSL.
*
*/ */
static bool my_bio_initialized = false; static bool my_bio_initialized = false;
@ -501,7 +500,7 @@ err:
* to verify that the DBA-generated DH parameters file contains * to verify that the DBA-generated DH parameters file contains
* what we expect it to contain. * what we expect it to contain.
*/ */
static DH * static DH *
load_dh_file(int keylength) load_dh_file(int keylength)
{ {
FILE *fp; FILE *fp;
@ -559,7 +558,7 @@ load_dh_file(int keylength)
* To prevent problems if the DH parameters files don't even * To prevent problems if the DH parameters files don't even
* exist, we can load DH parameters hardcoded into this file. * exist, we can load DH parameters hardcoded into this file.
*/ */
static DH * static DH *
load_dh_buffer(const char *buffer, size_t len) load_dh_buffer(const char *buffer, size_t len)
{ {
BIO *bio; BIO *bio;
@ -579,7 +578,7 @@ load_dh_buffer(const char *buffer, size_t len)
} }
/* /*
* Generate an empheral DH key. Because this can take a long * Generate an ephemeral DH key. Because this can take a long
* time to compute, we can use precomputed parameters of the * time to compute, we can use precomputed parameters of the
* common key sizes. * common key sizes.
* *
@ -591,7 +590,7 @@ load_dh_buffer(const char *buffer, size_t len)
* the OpenSSL library can efficiently generate random keys from * the OpenSSL library can efficiently generate random keys from
* the information provided. * the information provided.
*/ */
static DH * static DH *
tmp_dh_cb(SSL *s, int is_export, int keylength) tmp_dh_cb(SSL *s, int is_export, int keylength)
{ {
DH *r = NULL; DH *r = NULL;
@ -737,7 +736,7 @@ initialize_SSL(void)
SSLerrmessage()))); SSLerrmessage())));
/* /*
* Load and verify certificate and private key * Load and verify server's certificate and private key
*/ */
if (SSL_CTX_use_certificate_chain_file(SSL_context, if (SSL_CTX_use_certificate_chain_file(SSL_context,
SERVER_CERT_FILE) != 1) SERVER_CERT_FILE) != 1)
@ -782,11 +781,11 @@ initialize_SSL(void)
SSLerrmessage()))); SSLerrmessage())));
} }
/* set up empheral DH keys */ /* set up ephemeral DH keys, and disallow SSL v2 while at it */
SSL_CTX_set_tmp_dh_callback(SSL_context, tmp_dh_cb); SSL_CTX_set_tmp_dh_callback(SSL_context, tmp_dh_cb);
SSL_CTX_set_options(SSL_context, SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv2); SSL_CTX_set_options(SSL_context, SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv2);
/* setup the allowed cipher list */ /* set up the allowed cipher list */
if (SSL_CTX_set_cipher_list(SSL_context, SSLCipherSuites) != 1) if (SSL_CTX_set_cipher_list(SSL_context, SSLCipherSuites) != 1)
elog(FATAL, "could not set the cipher list (no valid ciphers available)"); elog(FATAL, "could not set the cipher list (no valid ciphers available)");
@ -794,42 +793,38 @@ initialize_SSL(void)
* Attempt to load CA store, so we can verify client certificates if * Attempt to load CA store, so we can verify client certificates if
* needed. * needed.
*/ */
if (access(ROOT_CERT_FILE, R_OK)) ssl_loaded_verify_locations = false;
{
ssl_loaded_verify_locations = false;
if (access(ROOT_CERT_FILE, R_OK) != 0)
{
/* /*
* If root certificate file simply not found. Don't log an error here, * If root certificate file simply not found, don't log an error here,
* because it's quite likely the user isn't planning on using client * because it's quite likely the user isn't planning on using client
* certificates. If we can't access it for other reasons, it is an * certificates. If we can't access it for other reasons, it is an
* error. * error.
*/ */
if (errno != ENOENT) if (errno != ENOENT)
{
ereport(FATAL, ereport(FATAL,
(errmsg("could not access root certificate file \"%s\": %m", (errmsg("could not access root certificate file \"%s\": %m",
ROOT_CERT_FILE))); ROOT_CERT_FILE)));
}
} }
else if (SSL_CTX_load_verify_locations(SSL_context, ROOT_CERT_FILE, NULL) != 1 || else if (SSL_CTX_load_verify_locations(SSL_context, ROOT_CERT_FILE, NULL) != 1 ||
(root_cert_list = SSL_load_client_CA_file(ROOT_CERT_FILE)) == NULL) (root_cert_list = SSL_load_client_CA_file(ROOT_CERT_FILE)) == NULL)
{ {
/* /*
* File was there, but we could not load it. This means the file is * File was there, but we could not load it. This means the file is
* somehow broken, and we cannot do verification at all - so abort * somehow broken, and we cannot do verification at all - so fail.
* here.
*/ */
ssl_loaded_verify_locations = false;
ereport(FATAL, ereport(FATAL,
(errmsg("could not load root certificate file \"%s\": %s", (errmsg("could not load root certificate file \"%s\": %s",
ROOT_CERT_FILE, SSLerrmessage()))); ROOT_CERT_FILE, SSLerrmessage())));
} }
else else
{ {
/* /*----------
* Check the Certificate Revocation List (CRL) if file exists. * Load the Certificate Revocation List (CRL) if file exists.
* http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci803160, * http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci803160,00.html
* 00.html *----------
*/ */
X509_STORE *cvstore = SSL_CTX_get_cert_store(SSL_context); X509_STORE *cvstore = SSL_CTX_get_cert_store(SSL_context);
@ -837,7 +832,8 @@ initialize_SSL(void)
{ {
/* Set the flags to check against the complete CRL chain */ /* Set the flags to check against the complete CRL chain */
if (X509_STORE_load_locations(cvstore, ROOT_CRL_FILE, NULL) == 1) if (X509_STORE_load_locations(cvstore, ROOT_CRL_FILE, NULL) == 1)
/* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */ {
/* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */
#ifdef X509_V_FLAG_CRL_CHECK #ifdef X509_V_FLAG_CRL_CHECK
X509_STORE_set_flags(cvstore, X509_STORE_set_flags(cvstore,
X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
@ -847,6 +843,7 @@ initialize_SSL(void)
ROOT_CRL_FILE), ROOT_CRL_FILE),
errdetail("SSL library does not support certificate revocation lists."))); errdetail("SSL library does not support certificate revocation lists.")));
#endif #endif
}
else else
{ {
/* Not fatal - we do not require CRL */ /* Not fatal - we do not require CRL */
@ -858,14 +855,15 @@ initialize_SSL(void)
/* /*
* Always ask for SSL client cert, but don't fail if it's not * Always ask for SSL client cert, but don't fail if it's not
* presented. We'll fail later in this case, based on what we find * presented. We might fail such connections later, depending on
* in pg_hba.conf. * what we find in pg_hba.conf.
*/ */
SSL_CTX_set_verify(SSL_context, SSL_CTX_set_verify(SSL_context,
(SSL_VERIFY_PEER | (SSL_VERIFY_PEER |
SSL_VERIFY_CLIENT_ONCE), SSL_VERIFY_CLIENT_ONCE),
verify_cb); verify_cb);
/* Set flag to remember CA store is successfully loaded */
ssl_loaded_verify_locations = true; ssl_loaded_verify_locations = true;
} }