~ubuntu-branches/ubuntu/karmic/postgresql-8.4/karmic-security


Viewing changes to src/interfaces/libpq/fe-secure.c

  • Committer: Bazaar Package Importer
  • Author(s): Martin Pitt
  • Date: 2009-05-05 00:58:06 UTC
  • mfrom: (1.1.2 upstream)
  • Revision ID: james.westby@ubuntu.com-20090505005806-c19tt7oyqb7kuw49
Tags: 8.4~beta1+cvs20090503-1
New upstream snapshot.

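--- a/src/interfaces/libpq/fe-secure.c
+++ b/src/interfaces/libpq/fe-secure.c
@@ -523,7 +523,7 @@
          * If told not to verify the peer name, don't do it. Return
          * 0 indicating that the verification was successful.
          */
-        if(strcmp(conn->sslverify, "cn") != 0)
+        if (strcmp(conn->sslmode, "verify-full") != 0)
                 return true;
 
         if (conn->pghostaddr)
@@ -987,9 +987,9 @@
                 return -1;
 
         /*
-         * If sslverify is set to anything other than "none", perform certificate
-         * verification. If set to "cn" we will also do further verifications after
-         * the connection has been completed.
+         * If sslmode is set to one of the verify options, perform certificate
+         * verification. If set to "verify-full" we will also do further
+         * verification after the connection has been completed.
          *
          * If we are going to look for either root certificate or CRL in the home directory,
          * we need pqGetHomeDirectory() to succeed. In other cases, we don't need to
@@ -999,7 +999,7 @@
         {
                 if (!pqGetHomeDirectory(homedir, sizeof(homedir)))
                 {
-                        if (strcmp(conn->sslverify, "none") != 0)
+                        if (conn->sslmode[0] == 'v') /* "verify-ca" or "verify-full" */
                         {
                                 printfPQExpBuffer(&conn->errorMessage,
                                                                   libpq_gettext("could not get home directory to locate root certificate file"));
@@ -1064,10 +1064,11 @@
         else
         {
                 /* stat() failed; assume cert file doesn't exist */
-                if (strcmp(conn->sslverify, "none") != 0)
+                if (conn->sslmode[0] == 'v') /* "verify-ca" or "verify-full" */
                 {
                         printfPQExpBuffer(&conn->errorMessage,
-                                                          libpq_gettext("root certificate file \"%s\" does not exist"), fnbuf);
+                                                          libpq_gettext("root certificate file \"%s\" does not exist\n"
+                                                          "Either supply the file or set sslverify to \"none\" to disable server certificate verification.\n"), fnbuf);
                         return -1;
                 }
         }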
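Review bot: The hint added to the missing-root-certificate message (new lines 1070-1071) still tells the user to set sslverify to "none", while every other change in this section replaces `conn->sslverify` with `conn->sslmode`, so the advice names a setting the new code no longer reads. The text should point at sslmode instead, for example `"Either provide the file or change sslmode to disable server certificate verification.\n"), fnbuf);`. Separately, `conn->sslmode[0] == 'v'` (new lines 1002 and 1067) recognises the verify modes by their first letter only; that is safe only if sslmode is validated against a fixed list elsewhere, which this section does not show, so an explicit `strcmp` against "verify-ca" and "verify-full" would keep the fail-closed branch from depending on it. The enclosing functions start and end outside the visible hunks.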