# HG changeset patch
# User Sebastien Jodogne
# Date 1547123554 -3600
# Node ID 515a783630dfb4654014994a3d35b606e117b85a
# Parent 714c5d2bee766f2b0bf622f99e9222b9d9d3d425
injecting fix to issue 105 into the mainline
diff -r 714c5d2bee76 -r 515a783630df Framework/PostgreSQL/PostgreSQLParameters.cpp
--- a/Framework/PostgreSQL/PostgreSQLParameters.cpp Mon Dec 24 13:35:26 2018 +0100
+++ b/Framework/PostgreSQL/PostgreSQLParameters.cpp Thu Jan 10 13:32:34 2019 +0100
@@ -37,6 +37,7 @@
 password_ = "";
 database_.clear();
 uri_.clear();
+ ssl_ = false;
 lock_ = true;
 }
@@ -84,6 +85,8 @@
 {
 SetPassword(s);
 }
+
+ ssl_ = configuration.GetBooleanValue("EnableSsl", false);
 }
 lock_ = configuration.GetBooleanValue("Lock", true); // Use locking by default
@@ -174,7 +177,11 @@
 {
 if (uri_.empty())
 {
- target = std::string("sslmode=disable") + // TODO WHY SSL DOES NOT WORK? ("SSL error: wrong version number")
+ // Note about SSL: "require" means that "I want my data to be
+ // encrypted, and I accept the overhead. I trust that the
+ // network will make sure I always connect to the server I want."
+ // https://www.postgresql.org/docs/current/libpq-ssl.html
+ target = std::string(ssl_ ? "sslmode=require" : "sslmode=disable") +
 " user=" + username_ +
 " host=" + host_ +
 " port=" + boost::lexical_cast(port_);
diff -r 714c5d2bee76 -r 515a783630df Framework/PostgreSQL/PostgreSQLParameters.h
--- a/Framework/PostgreSQL/PostgreSQLParameters.h Mon Dec 24 13:35:26 2018 +0100
+++ b/Framework/PostgreSQL/PostgreSQLParameters.h Thu Jan 10 13:32:34 2019 +0100
@@ -38,6 +38,7 @@
 std::string password_;
 std::string database_;
 std::string uri_;
+ bool ssl_;
 bool lock_;
 void Reset();
@@ -91,6 +92,16 @@
 return database_;
 }
+ void SetSsl(bool ssl)
+ {
+ ssl_ = ssl;
+ }
+
+ bool IsSsl() const
+ {
+ return ssl_;
+ }
+
+
 void SetLock(bool lock)
 {
 lock_ = lock;
diff -r 714c5d2bee76 -r 515a783630df PostgreSQL/NEWS
--- a/PostgreSQL/NEWS Mon Dec 24 13:35:26 2018 +0100
+++ b/PostgreSQL/NEWS Thu Jan 10 13:32:34 2019 +0100
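Review bot: `EnableSsl` defaults to `false` in the hunk at -84, so a deployment that does not set it keeps sending the database credentials and all queries unencrypted, and nothing on this line tells the operator. The assignment also sits inside a block that opens outside the hunk (the `}` right after it closes that block); if that is the branch taken when no connection URI is configured, the option is silently ignored for URI-based setups, and `IsSsl()` in PostgreSQLParameters.h will return `false` even when the URI itself asks for TLS. I would record that next to the line, e.g. `// Only applies when the connection string is built from the individual fields; a connection URI must carry its own sslmode`, and consider logging a warning when SSL is left off.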
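Review bot: `sslmode=require` on the new `target = ...` line in the hunk at -174 gives encryption without server authentication: libpq does not validate the server certificate in this mode (unless a root CA file happens to be present), so a host impersonating `host_` would be accepted, which is exactly the trust assumption the added comment quotes. Because `ssl_` is a boolean, the key=value form has no way to request `verify-ca` or `verify-full`. I would state that limit in the comment, e.g. `// "require" encrypts only, it does not authenticate the server; use sslmode=verify-full with sslrootcert in a connection URI on untrusted networks`, and consider a string-valued mode option later. The enclosing function starts outside this hunk, and I am assuming the `uri_` branch hands its string to libpq unchanged.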
@@ -1,6 +1,8 @@
 Pending changes in the mainline
 ===============================
+* New configuration option: "EnableSsl"
+* Fix issue 105 (Unable to connect to PostgreSQL database using SSL)
 * Fix Debian issue #906771 (Uncaught exception prevents db intialization (likely related to pg_trgm))
 * Fix: Catching exceptions in destructors
diff -r 714c5d2bee76 -r 515a783630df Resources/CMake/DatabasesFrameworkConfiguration.cmake
--- a/Resources/CMake/DatabasesFrameworkConfiguration.cmake Mon Dec 24 13:35:26 2018 +0100
+++ b/Resources/CMake/DatabasesFrameworkConfiguration.cmake Thu Jan 10 13:32:34 2019 +0100
@@ -27,6 +27,7 @@
 endif()
 if (ENABLE_POSTGRESQL_BACKEND)
+ set(ENABLE_CRYPTO_OPTIONS ON)
 set(ENABLE_SSL ON)
 set(ENABLE_ZLIB ON)
 endif()
diff -r 714c5d2bee76 -r 515a783630df Resources/CMake/PostgreSQLConfiguration.cmake
--- a/Resources/CMake/PostgreSQLConfiguration.cmake Mon Dec 24 13:35:26 2018 +0100
+++ b/Resources/CMake/PostgreSQLConfiguration.cmake Thu Jan 10 13:32:34 2019 +0100
@@ -230,6 +230,12 @@
 endif()
+ if (ENABLE_SSL)
+ set(HAVE_LIBSSL 1)
+ set(HAVE_SSL_GET_CURRENT_COMPRESSION 1)
+ set(USE_OPENSSL 1)
+ endif()
+
 execute_process(
 COMMAND ${PYTHON_EXECUTABLE}
@@ -299,6 +305,12 @@
 ${LIBPQ_SOURCES_DIR}/src/backend/utils/mb/wchar.c
 )
+ if (ENABLE_SSL)
+ list(APPEND LIBPQ_SOURCES
+ ${LIBPQ_SOURCES_DIR}/src/interfaces/libpq/fe-secure-openssl.c
+ )
+ endif()
+
 if (CMAKE_SYSTEM_NAME STREQUAL "Linux")
 LIST(APPEND LIBPQ_SOURCES
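Review bot: `HAVE_SSL_GET_CURRENT_COMPRESSION` and `HAVE_LIBSSL` are set unconditionally inside `if (ENABLE_SSL)` in the hunk at -230 rather than probed, so they are only correct for whichever OpenSSL this libpq build is compiled against, which these lines do not show. If a system OpenSSL can be selected for this build, a probe such as `check_symbol_exists(SSL_get_current_compression openssl/ssl.h HAVE_SSL_GET_CURRENT_COMPRESSION)` would be safer than the constant. Otherwise a one-line comment like `# Values assume the OpenSSL built alongside this libpq` would record the assumption. The same switch is what makes `fe-secure-openssl.c` compile in the later hunk at -299, so the two must stay in step.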