aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/interfaces/libpq/fe-connect.c38
-rw-r--r--src/interfaces/libpq/fe-secure-openssl.c16
-rw-r--r--src/interfaces/libpq/libpq-int.h4
-rw-r--r--src/test/ssl/t/001_ssltests.pl12
4 files changed, 35 insertions, 35 deletions
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index 0157c619aac..23be9a66cb2 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -320,13 +320,13 @@ static const internalPQconninfoOption PQconninfoOptions[] = {
"Require-Peer", "", 10,
offsetof(struct pg_conn, requirepeer)},
- {"sslminprotocolversion", "PGSSLMINPROTOCOLVERSION", NULL, NULL,
+ {"ssl_min_protocol_version", "PGSSLMINPROTOCOLVERSION", NULL, NULL,
"SSL-Minimum-Protocol-Version", "", 8, /* sizeof("TLSv1.x") == 8 */
- offsetof(struct pg_conn, sslminprotocolversion)},
+ offsetof(struct pg_conn, ssl_min_protocol_version)},
- {"sslmaxprotocolversion", "PGSSLMAXPROTOCOLVERSION", NULL, NULL,
+ {"ssl_max_protocol_version", "PGSSLMAXPROTOCOLVERSION", NULL, NULL,
"SSL-Maximum-Protocol-Version", "", 8, /* sizeof("TLSv1.x") == 8 */
- offsetof(struct pg_conn, sslmaxprotocolversion)},
+ offsetof(struct pg_conn, ssl_max_protocol_version)},
/*
* As with SSL, all GSS options are exposed even in builds that don't have
@@ -1301,23 +1301,23 @@ connectOptions2(PGconn *conn)
}
/*
- * Validate TLS protocol versions for sslminprotocolversion and
- * sslmaxprotocolversion.
+ * Validate TLS protocol versions for ssl_min_protocol_version and
+ * ssl_max_protocol_version.
*/
- if (!sslVerifyProtocolVersion(conn->sslminprotocolversion))
+ if (!sslVerifyProtocolVersion(conn->ssl_min_protocol_version))
{
conn->status = CONNECTION_BAD;
printfPQExpBuffer(&conn->errorMessage,
- libpq_gettext("invalid sslminprotocolversion value: \"%s\"\n"),
- conn->sslminprotocolversion);
+ libpq_gettext("invalid ssl_min_protocol_version value: \"%s\"\n"),
+ conn->ssl_min_protocol_version);
return false;
}
- if (!sslVerifyProtocolVersion(conn->sslmaxprotocolversion))
+ if (!sslVerifyProtocolVersion(conn->ssl_max_protocol_version))
{
conn->status = CONNECTION_BAD;
printfPQExpBuffer(&conn->errorMessage,
- libpq_gettext("invalid sslmaxprotocolversion value: \"%s\"\n"),
- conn->sslmaxprotocolversion);
+ libpq_gettext("invalid ssl_max_protocol_version value: \"%s\"\n"),
+ conn->ssl_max_protocol_version);
return false;
}
@@ -1328,8 +1328,8 @@ connectOptions2(PGconn *conn)
* already-built SSL context when the connection is being established, as
* it would be doomed anyway.
*/
- if (!sslVerifyProtocolRange(conn->sslminprotocolversion,
- conn->sslmaxprotocolversion))
+ if (!sslVerifyProtocolRange(conn->ssl_min_protocol_version,
+ conn->ssl_max_protocol_version))
{
conn->status = CONNECTION_BAD;
printfPQExpBuffer(&conn->errorMessage,
@@ -4046,10 +4046,10 @@ freePGconn(PGconn *conn)
free(conn->sslcompression);
if (conn->requirepeer)
free(conn->requirepeer);
- if (conn->sslminprotocolversion)
- free(conn->sslminprotocolversion);
- if (conn->sslmaxprotocolversion)
- free(conn->sslmaxprotocolversion);
+ if (conn->ssl_min_protocol_version)
+ free(conn->ssl_min_protocol_version);
+ if (conn->ssl_max_protocol_version)
+ free(conn->ssl_max_protocol_version);
if (conn->gssencmode)
free(conn->gssencmode);
if (conn->krbsrvname)
@@ -7120,7 +7120,7 @@ pgpassfileWarning(PGconn *conn)
/*
* Check if the SSL procotol value given in input is valid or not.
* This is used as a sanity check routine for the connection parameters
- * sslminprotocolversion and sslmaxprotocolversion.
+ * ssl_min_protocol_version and ssl_max_protocol_version.
*/
static bool
sslVerifyProtocolVersion(const char *version)
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index 731aa23c553..ddeeb606f5b 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -842,18 +842,18 @@ initialize_SSL(PGconn *conn)
SSL_CTX_set_options(SSL_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
/* Set the minimum and maximum protocol versions if necessary */
- if (conn->sslminprotocolversion &&
- strlen(conn->sslminprotocolversion) != 0)
+ if (conn->ssl_min_protocol_version &&
+ strlen(conn->ssl_min_protocol_version) != 0)
{
int ssl_min_ver;
- ssl_min_ver = ssl_protocol_version_to_openssl(conn->sslminprotocolversion);
+ ssl_min_ver = ssl_protocol_version_to_openssl(conn->ssl_min_protocol_version);
if (ssl_min_ver == -1)
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("invalid value \"%s\" for minimum version of SSL protocol\n"),
- conn->sslminprotocolversion);
+ conn->ssl_min_protocol_version);
SSL_CTX_free(SSL_context);
return -1;
}
@@ -871,18 +871,18 @@ initialize_SSL(PGconn *conn)
}
}
- if (conn->sslmaxprotocolversion &&
- strlen(conn->sslmaxprotocolversion) != 0)
+ if (conn->ssl_max_protocol_version &&
+ strlen(conn->ssl_max_protocol_version) != 0)
{
int ssl_max_ver;
- ssl_max_ver = ssl_protocol_version_to_openssl(conn->sslmaxprotocolversion);
+ ssl_max_ver = ssl_protocol_version_to_openssl(conn->ssl_max_protocol_version);
if (ssl_max_ver == -1)
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("invalid value \"%s\" for maximum version of SSL protocol\n"),
- conn->sslmaxprotocolversion);
+ conn->ssl_max_protocol_version);
SSL_CTX_free(SSL_context);
return -1;
}
diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h
index 72931e60195..1de91ae295b 100644
--- a/src/interfaces/libpq/libpq-int.h
+++ b/src/interfaces/libpq/libpq-int.h
@@ -367,8 +367,8 @@ struct pg_conn
char *krbsrvname; /* Kerberos service name */
char *gsslib; /* What GSS library to use ("gssapi" or
* "sspi") */
- char *sslminprotocolversion; /* minimum TLS protocol version */
- char *sslmaxprotocolversion; /* maximum TLS protocol version */
+ char *ssl_min_protocol_version; /* minimum TLS protocol version */
+ char *ssl_max_protocol_version; /* maximum TLS protocol version */
/* Type of connection to make. Possible values: any, read-write. */
char *target_session_attrs;
diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl
index d035ac7fc97..3e68a49ca93 100644
--- a/src/test/ssl/t/001_ssltests.pl
+++ b/src/test/ssl/t/001_ssltests.pl
@@ -357,22 +357,22 @@ command_like(
# Test min/max SSL protocol versions.
test_connect_ok(
$common_connstr,
- "sslrootcert=ssl/root+server_ca.crt sslmode=require sslminprotocolversion=TLSv1.2 sslmaxprotocolversion=TLSv1.2",
+ "sslrootcert=ssl/root+server_ca.crt sslmode=require ssl_min_protocol_version=TLSv1.2 ssl_max_protocol_version=TLSv1.2",
"connection success with correct range of TLS protocol versions");
test_connect_fails(
$common_connstr,
- "sslrootcert=ssl/root+server_ca.crt sslmode=require sslminprotocolversion=TLSv1.2 sslmaxprotocolversion=TLSv1.1",
+ "sslrootcert=ssl/root+server_ca.crt sslmode=require ssl_min_protocol_version=TLSv1.2 ssl_max_protocol_version=TLSv1.1",
qr/invalid SSL protocol version range/,
"connection failure with incorrect range of TLS protocol versions");
test_connect_fails(
$common_connstr,
- "sslrootcert=ssl/root+server_ca.crt sslmode=require sslminprotocolversion=incorrect_tls",
- qr/invalid sslminprotocolversion value/,
+ "sslrootcert=ssl/root+server_ca.crt sslmode=require ssl_min_protocol_version=incorrect_tls",
+ qr/invalid ssl_min_protocol_version value/,
"connection failure with an incorrect SSL protocol minimum bound");
test_connect_fails(
$common_connstr,
- "sslrootcert=ssl/root+server_ca.crt sslmode=require sslmaxprotocolversion=incorrect_tls",
- qr/invalid sslmaxprotocolversion value/,
+ "sslrootcert=ssl/root+server_ca.crt sslmode=require ssl_max_protocol_version=incorrect_tls",
+ qr/invalid ssl_max_protocol_version value/,
"connection failure with an incorrect SSL protocol maximum bound");
### Server-side tests.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-25 21:59:21 +0000