git.postgresql.org Git - postgresql.git/commitdiff

git projects / postgresql.git / commitdiff

Complain if pg_hba.conf contains "hostssl" but SSL is disabled.

2011年4月26日 19:40:14 +0000 (15:40 -0400)

Most commenters agreed that this is more friendly than silently failing
to match the line during actual connection attempts. Also, this will
prevent corner cases that might arise when trying to handle such a line
when the SSL code isn't turned on. An example is that specifying
clientcert=1 in such a line would formerly result in a completely
misleading complaint that root.crt wasn't present, as seen in a recent
report from Marc-Andre Laverdiere. While we could have instead fixed
that specific behavior, it seems likely that we'd have a continuing stream
of such bizarre behaviors if we keep on allowing hostssl lines when SSL is
disabled.

Back-patch to 8.4, where clientcert was introduced. Earlier versions don't
have this specific issue, and the code is enough different to make this
patch not applicable without more work than it seems worth.

src/backend/libpq/hba.c patch | blob | blame | history

diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c

index c746c198f857301b2ad980e56e997a06a71bc556..49a45941701aa68de68e71f343ab2a19fabf9240 100644 (file)

--- a/src/backend/libpq/hba.c

+++ b/src/backend/libpq/hba.c

@@ -27,6 +27,7 @@

#include "libpq/ip.h"

#include "libpq/libpq.h"

+#include "postmaster/postmaster.h"

#include "regex/regex.h"

#include "replication/walsender.h"

#include "storage/fd.h"