
Commit af0e79c

committed
Move SSL information callback earlier to capture more information
The callback for retrieving state change information during connection setup was only installed when the connection was mostly set up, and thus didn't provide much information and missed all the details related to the handshake. This also extends the callback with SSL_state_string_long() to print more information about the state change within the SSL object handled. While there, fix some comments which were incorrectly referring to the callback and its previous location in fe-secure.c. Author: Daniel Gustafsson Discussion: https://postgr.es/m/232CF476-94E1-42F1-9408-719E2AEC5491@yesql.se
1 parent 27a48e5 commit af0e79c


3 files changed

+16
-18
lines changed


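--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -381,6 +381,9 @@ be_tls_open_server(Port *port)
 return -1;
 }
 
+/* set up debugging/info callback */
+SSL_CTX_set_info_callback(SSL_context, info_cb);
+
 if (!(port->ssl = SSL_new(SSL_context)))
 {
 ereport(COMMERROR,
@@ -562,9 +565,6 @@ be_tls_open_server(Port *port)
 port->peer_cert_valid = true;
 }
 
-/* set up debugging/info callback */
-SSL_CTX_set_info_callback(SSL_context, info_cb);
-
 return 0;
 }
 
@@ -999,39 +999,43 @@ verify_cb(int ok, X509_STORE_CTX *ctx)
 static void
 info_cb(const SSL *ssl, int type, int args)
 {
+const char *desc;
+
+desc = SSL_state_string_long(ssl);
+
 switch (type)
 {
 case SSL_CB_HANDSHAKE_START:
 ereport(DEBUG4,
-(errmsg_internal("SSL: handshake start")));
+(errmsg_internal("SSL: handshake start: \"%s\"", desc)));
 break;
 case SSL_CB_HANDSHAKE_DONE:
 ereport(DEBUG4,
-(errmsg_internal("SSL: handshake done")));
+(errmsg_internal("SSL: handshake done: \"%s\"", desc)));
 break;
 case SSL_CB_ACCEPT_LOOP:
 ereport(DEBUG4,
-(errmsg_internal("SSL: accept loop")));
+(errmsg_internal("SSL: accept loop: \"%s\"", desc)));
 break;
 case SSL_CB_ACCEPT_EXIT:
 ereport(DEBUG4,
-(errmsg_internal("SSL: accept exit (%d)", args)));
+(errmsg_internal("SSL: accept exit (%d): \"%s\"", args, desc)));
 break;
 case SSL_CB_CONNECT_LOOP:
 ereport(DEBUG4,
-(errmsg_internal("SSL: connect loop")));
+(errmsg_internal("SSL: connect loop: \"%s\"", desc)));
 break;
 case SSL_CB_CONNECT_EXIT:
 ereport(DEBUG4,
-(errmsg_internal("SSL: connect exit (%d)", args)));
+(errmsg_internal("SSL: connect exit (%d): \"%s\"", args, desc)));
 break;
 case SSL_CB_READ_ALERT:
 ereport(DEBUG4,
-(errmsg_internal("SSL: read alert (0x%04x)", args)));
+(errmsg_internal("SSL: read alert (0x%04x): \"%s\"", args, desc)));
 break;
 case SSL_CB_WRITE_ALERT:
 ereport(DEBUG4,
-(errmsg_internal("SSL: write alert (0x%04x)", args)));
+(errmsg_internal("SSL: write alert (0x%04x): \"%s\"", args, desc)));
 break;
 }
 }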
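Review bot: In info_cb the two alert cases (`SSL_CB_READ_ALERT` and `SSL_CB_WRITE_ALERT`) still report the alert only as the raw hex value in `args`, and the appended `desc` is the handshake state from `SSL_state_string_long()`, not a description of the alert. When these logs are used to work out why a TLS connection was rejected (certificate problems, protocol mismatch), the alert name is the most useful field, and OpenSSL can decode it: `(errmsg_internal("SSL: read alert (0x%04x, %s): \"%s\"", args, SSL_alert_desc_string_long(args), desc)));`, with the same change for the write-alert case. As a smaller style point, `desc` is computed on every callback invocation, including event types the switch does not handle; a short comment noting that this is intentional would help.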

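--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -14,7 +14,7 @@
 * NOTES
 *
 * We don't provide informational callbacks here (like
-* info_cb() in be-secure.c), since there's no good mechanism to
+* info_cb() in be-secure-openssl.c), since there's no good mechanism to
 * display such information to the user.
 *
 *-------------------------------------------------------------------------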

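--- a/src/interfaces/libpq/fe-secure.c
+++ b/src/interfaces/libpq/fe-secure.c
@@ -13,12 +13,6 @@
 * IDENTIFICATION
 * src/interfaces/libpq/fe-secure.c
 *
-* NOTES
-*
-* We don't provide informational callbacks here (like
-* info_cb() in be-secure.c), since there's no good mechanism to
-* display such information to the user.
-*
 *-------------------------------------------------------------------------
 */
 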
