git.postgresql.org Git - postgresql.git/commitdiff

git projects / postgresql.git / commitdiff

Complain if pg_hba.conf contains "hostssl" but SSL is disabled.

2011年4月26日 19:40:11 +0000 (15:40 -0400)

Most commenters agreed that this is more friendly than silently failing
to match the line during actual connection attempts. Also, this will
prevent corner cases that might arise when trying to handle such a line
when the SSL code isn't turned on. An example is that specifying
clientcert=1 in such a line would formerly result in a completely
misleading complaint that root.crt wasn't present, as seen in a recent
report from Marc-Andre Laverdiere. While we could have instead fixed
that specific behavior, it seems likely that we'd have a continuing stream
of such bizarre behaviors if we keep on allowing hostssl lines when SSL is
disabled.

Back-patch to 8.4, where clientcert was introduced. Earlier versions don't
have this specific issue, and the code is enough different to make this
patch not applicable without more work than it seems worth.

src/backend/libpq/hba.c patch | blob | blame | history

diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c

index f25505feb385f62b54d9b29654f8fab93c1ad375..2aaa898a6bf23da0abe0af8d866c67827674bc19 100644 (file)

--- a/src/backend/libpq/hba.c

+++ b/src/backend/libpq/hba.c

@@ -28,6 +28,7 @@

#include "catalog/pg_collation.h"

#include "libpq/ip.h"

#include "libpq/libpq.h"

+#include "postmaster/postmaster.h"

#include "regex/regex.h"

#include "replication/walsender.h"