diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/libpq/be-secure.c | 16 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-secure.c | 8 | 
2 files changed, 12 insertions, 12 deletions
| diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c index 10c3aa79434..d7cf20ccf09 100644 --- a/src/backend/libpq/be-secure.c +++ b/src/backend/libpq/be-secure.c @@ -11,7 +11,7 @@   *   *   * IDENTIFICATION - *	  $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.89 2009/01/01 17:23:42 momjian Exp $ + *	  $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.90 2009/01/28 15:06:47 mha Exp $   *   *	  Since the server static private key ($DataDir/server.key)   *	  will normally be stored unencrypted so that the database @@ -729,9 +729,9 @@ initialize_SSL(void)  		/*  		 * Load and verify certificate and private key  		 */ -		if (!SSL_CTX_use_certificate_file(SSL_context, +		if (SSL_CTX_use_certificate_file(SSL_context,  										  SERVER_CERT_FILE, -										  SSL_FILETYPE_PEM)) +										  SSL_FILETYPE_PEM) != 1)  			ereport(FATAL,  					(errcode(ERRCODE_CONFIG_FILE_ERROR),  				  errmsg("could not load server certificate file \"%s\": %s", @@ -760,14 +760,14 @@ initialize_SSL(void)  					 errdetail("Permissions should be u=rw (0600) or less.")));  #endif -		if (!SSL_CTX_use_PrivateKey_file(SSL_context, +		if (SSL_CTX_use_PrivateKey_file(SSL_context,  										 SERVER_PRIVATE_KEY_FILE, -										 SSL_FILETYPE_PEM)) +										 SSL_FILETYPE_PEM) != 1)  			ereport(FATAL,  					(errmsg("could not load private key file \"%s\": %s",  							SERVER_PRIVATE_KEY_FILE, SSLerrmessage()))); -		if (!SSL_CTX_check_private_key(SSL_context)) +		if (SSL_CTX_check_private_key(SSL_context) != 1)  			ereport(FATAL,  					(errmsg("check of private key failed: %s",  							SSLerrmessage()))); @@ -800,7 +800,7 @@ initialize_SSL(void)  							ROOT_CERT_FILE)));  		}  	} -	else if (!SSL_CTX_load_verify_locations(SSL_context, ROOT_CERT_FILE, NULL)) +	else if (SSL_CTX_load_verify_locations(SSL_context, ROOT_CERT_FILE, NULL) != 1)  	{  		/*  		 * File was there, but we could not load it. This means the file is somehow @@ -823,7 +823,7 @@ initialize_SSL(void)  		if (cvstore)  		{  			/* Set the flags to check against the complete CRL chain */ -			if (X509_STORE_load_locations(cvstore, ROOT_CRL_FILE, NULL) != 0) +			if (X509_STORE_load_locations(cvstore, ROOT_CRL_FILE, NULL) == 1)  /* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */  #ifdef X509_V_FLAG_CRL_CHECK  				X509_STORE_set_flags(cvstore, diff --git a/src/interfaces/libpq/fe-secure.c b/src/interfaces/libpq/fe-secure.c index 2d5eff7dee1..de3a71cca0c 100644 --- a/src/interfaces/libpq/fe-secure.c +++ b/src/interfaces/libpq/fe-secure.c @@ -11,7 +11,7 @@   *   *   * IDENTIFICATION - *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.118 2009/01/19 17:17:50 tgl Exp $ + *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.119 2009/01/28 15:06:47 mha Exp $   *   * NOTES   * @@ -757,7 +757,7 @@ client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)  	}  	/* verify that the cert and key go together */ -	if (!X509_check_private_key(*x509, *pkey)) +	if (X509_check_private_key(*x509, *pkey) != 1)  	{  		char	   *err = SSLerrmessage(); @@ -1004,7 +1004,7 @@ initialize_SSL(PGconn *conn)  	{  		X509_STORE *cvstore; -		if (!SSL_CTX_load_verify_locations(SSL_context, fnbuf, NULL)) +		if (SSL_CTX_load_verify_locations(SSL_context, fnbuf, NULL) != 1)  		{  			char	   *err = SSLerrmessage(); @@ -1023,7 +1023,7 @@ initialize_SSL(PGconn *conn)  				snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, ROOT_CRL_FILE);  			/* setting the flags to check against the complete CRL chain */ -			if (X509_STORE_load_locations(cvstore, fnbuf, NULL) != 0) +			if (X509_STORE_load_locations(cvstore, fnbuf, NULL) == 1)  /* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */  #ifdef X509_V_FLAG_CRL_CHECK  				X509_STORE_set_flags(cvstore, | 
