Don't bother to request SSL connection over a Unix socket, since the

postmaster won't accept the request anyway.  (If your kernel can't
be trusted, SSL will not help you.)

1 files changed, 8 insertions, 4 deletions

diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index 28eced2e9b0..772e54b8dba 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.181 2001/11/11 02:09:05 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.182 2002/03/02 00:49:22 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -309,7 +309,8 @@ PQconnectStart(const char *conninfo)
 	conn->pgpass = tmp ? strdup(tmp) : NULL;
 #ifdef USE_SSL
 	tmp = conninfo_getval(connOptions, "requiressl");
-	conn->require_ssl = tmp ? (tmp[0] == '1' ? true : false) : false;
+	if (tmp && tmp[0] == '1')
+		conn->require_ssl = true;
 #endif
 
 	/*
@@ -504,8 +505,6 @@ PQsetdbLogin(const char *pghost, const char *pgport, const char *pgoptions,
 #ifdef USE_SSL
 	if ((tmp = getenv("PGREQUIRESSL")) != NULL)
 		conn->require_ssl = (tmp[0] == '1') ? true : false;
-	else
-		conn->require_ssl = 0;
 #endif
 
 	if (error)
@@ -871,6 +870,11 @@ connectDBStart(PGconn *conn)
 	{
 		UNIXSOCK_PATH(conn->raddr.un, portno, conn->pgunixsocket);
 		conn->raddr_len = UNIXSOCK_LEN(conn->raddr.un);
+#ifdef USE_SSL
+		/* Don't bother requesting SSL over a Unix socket */
+		conn->allow_ssl_try = false;
+		conn->require_ssl = false;
+#endif
 	}
 #endif