authorMagnus Hagander <magnus@hagander.net>2007-10-03 13:57:52 +0000
committerMagnus Hagander <magnus@hagander.net>2007-10-03 13:57:52 +0000
commit76a6ddfa47ebc577d2320d642fc6f0cf0cee537d (patch)
tree90a284b5848e78cb1a29ad868705bf84e166cc84
parent2890c33084ab7ef3fe985cb72cb46ac5fe5ebf02 (diff)
Attempt to open certificate file "manually" using fopen before
trying BIO functions. Helps with older versions of OpenSSL that lack error stack functions and would show an incorrect error message for file-not-found-or-not-openable. The problem may still exist for other errors, but a file open error is by far the most common one.
-rw-r--r--src/interfaces/libpq/fe-secure.c21
1 files changed, 19 insertions, 2 deletions
diff --git a/src/interfaces/libpq/fe-secure.c b/src/interfaces/libpq/fe-secure.c
index 4ab25ac59d1..59254218c94 100644
--- a/src/interfaces/libpq/fe-secure.c
+++ b/src/interfaces/libpq/fe-secure.c
@@ -11,7 +11,7 @@
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.97 2007/10/02 22:01:02 neilc Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.98 2007/10/03 13:57:52 mha Exp $
*
* NOTES
* [ Most of these notes are wrong/obsolete, but perhaps not all ]
@@ -588,8 +588,8 @@ client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
#ifndef WIN32
struct stat buf2;
- FILE *fp;
#endif
+ FILE *fp;
char fnbuf[MAXPGPATH];
BIO *bio;
PGconn *conn = (PGconn *) SSL_get_app_data(ssl);
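Review bot: `fp` is now declared unconditionally, but the only use this commit adds sits under `#ifndef HAVE_ERR_SET_MARK`, and judging by the old placement its other uses are inside `#ifndef WIN32`. On a WIN32 build where HAVE_ERR_SET_MARK is defined the variable would then be unused and draw a compiler warning. Guarding the declaration with `#if !defined(WIN32) || !defined(HAVE_ERR_SET_MARK)` would keep it matched to its uses. These declarations belong to client_cert_cb, whose body starts and ends outside this hunk.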
@@ -607,6 +607,23 @@ client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
/* read the user certificate */
snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_CERT_FILE);
+
+ /*
+ * OpenSSL <= 0.8.2 lacks error stack handling. Do a separate check
+ * for the existance of the file without using BIO functions to make
+ * it pick up the majority of the cases with the old versions.
+ */
+#ifndef HAVE_ERR_SET_MARK
+ if ((fp = fopen(fnbuf, "r")) == NULL)
+ {
+ printfPQExpBuffer(&conn->errorMessage,
+ libpq_gettext("could not open certificate file \"%s\": %s\n"),
+ fnbuf, pqStrerror(errno, sebuf, sizeof(sebuf)));
+ return 0;
+ }
+ fclose(fp);
+#endif
+
if ((bio = BIO_new_file(fnbuf, "r")) == NULL)
{
printfPQExpBuffer(&conn->errorMessage,
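Review bot: The fopen() probe and the BIO_new_file() call after it open the path separately, so a successful probe guarantees nothing about the file BIO_new_file() later reads; it only improves the error text. The comment should say so, so that nobody later treats the probe as a validation step, for example by adding `* This is only a diagnostic probe; the file is opened again below.` In the same comment `existance` should be `existence`, and `0.8.2` looks mistyped for an OpenSSL release number, so confirm which version introduced ERR_set_mark. `sebuf` is not declared in any visible hunk and presumably comes from the part of client_cert_cb outside the diff; the function body continues past this hunk.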