changeset 81:515a783630df

injecting fix to issue #105 into the mainline
author Sebastien Jodogne <s.jodogne@gmail.com>
date Thu, 10 Jan 2019 13:32:34 +0100
parents 714c5d2bee76
children 122f22550521 ff2d56d37bfd
files Framework/PostgreSQL/PostgreSQLParameters.cpp Framework/PostgreSQL/PostgreSQLParameters.h PostgreSQL/NEWS Resources/CMake/DatabasesFrameworkConfiguration.cmake Resources/CMake/PostgreSQLConfiguration.cmake
diffstat 5 files changed, 34 insertions(+), 1 deletions(-) [+]
--- a/Framework/PostgreSQL/PostgreSQLParameters.cpp	Mon Dec 24 13:35:26 2018 +0100
+++ b/Framework/PostgreSQL/PostgreSQLParameters.cpp	Thu Jan 10 13:32:34 2019 +0100
@@ -37,6 +37,7 @@
     password_ = "";
     database_.clear();
     uri_.clear();
+    ssl_ = false;
     lock_ = true;
   }
 
@@ -84,6 +85,8 @@
       {
         SetPassword(s);
       }
+
+      ssl_ = configuration.GetBooleanValue("EnableSsl", false);
     }
 
     lock_ = configuration.GetBooleanValue("Lock", true);  // Use locking by default
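Review bot: "EnableSsl" is read inside the block that closes on the following `}`, which appears to be the branch used when no connection URI is configured, and the Format hunk consults `ssl_` only when `uri_` is empty. A configuration that supplies a URI together with `"EnableSsl": true` would therefore be accepted silently, and the connection would use whatever the URI itself says about TLS. I would either log a warning in that case or document it at the read, e.g. `// "EnableSsl" only affects the host/port form; with a URI, sslmode must be given in the URI itself`. Note also that the default stays `false`, so existing deployments keep connecting with `sslmode=disable` until the option is set. The enclosing function starts outside the hunk.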
@@ -174,7 +177,11 @@
   {
     if (uri_.empty())
     {
-      target = std::string("sslmode=disable") +  // TODO WHY SSL DOES NOT WORK? ("SSL error: wrong version number")
+      // Note about SSL: "require" means that "I want my data to be
+      // encrypted, and I accept the overhead. I trust that the
+      // network will make sure I always connect to the server I want."
+      // https://www.postgresql.org/docs/current/libpq-ssl.html
+      target = std::string(ssl_ ? "sslmode=require" : "sslmode=disable") +
         " user=" + username_ + 
         " host=" + host_ + 
         " port=" + boost::lexical_cast<std::string>(port_);
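Review bot: `sslmode=require` on the `target = ...` line encrypts the session but does not check the server certificate or host name, as the libpq text quoted in the new comment concedes, so a host able to intercept the connection can still impersonate the database. The name "EnableSsl" suggests more protection than that, so I would state the limit in the comment, e.g. `// "require" encrypts only: the server certificate is NOT verified (that needs sslmode=verify-ca or verify-full plus sslrootcert)`, and consider a follow-up option that selects `verify-full`. Separately, `username_` and `host_` are concatenated unquoted into the keyword/value string, so a value containing a space would be parsed by libpq as further settings; single-quoting and escaping the values would avoid that. The enclosing function starts and ends outside the hunk.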
--- a/Framework/PostgreSQL/PostgreSQLParameters.h	Mon Dec 24 13:35:26 2018 +0100
+++ b/Framework/PostgreSQL/PostgreSQLParameters.h	Thu Jan 10 13:32:34 2019 +0100
@@ -38,6 +38,7 @@
     std::string  password_;
     std::string  database_;
     std::string  uri_;
+    bool         ssl_;
     bool         lock_;
 
     void Reset();
@@ -91,6 +92,16 @@
       return database_;
     }
 
+    void SetSsl(bool ssl)
+    {
+      ssl_ = ssl;
+    }
+
+    bool IsSsl() const
+    {
+      return ssl_;
+    }
+
     void SetLock(bool lock)
     {
       lock_ = lock;
--- a/PostgreSQL/NEWS	Mon Dec 24 13:35:26 2018 +0100
+++ b/PostgreSQL/NEWS	Thu Jan 10 13:32:34 2019 +0100
@@ -1,6 +1,8 @@
 Pending changes in the mainline
 ===============================
 
+* New configuration option: "EnableSsl"
+* Fix issue 105 (Unable to connect to PostgreSQL database using SSL)
 * Fix Debian issue #906771 (Uncaught exception prevents db intialization
   (likely related to pg_trgm))
 * Fix: Catching exceptions in destructors
--- a/Resources/CMake/DatabasesFrameworkConfiguration.cmake	Mon Dec 24 13:35:26 2018 +0100
+++ b/Resources/CMake/DatabasesFrameworkConfiguration.cmake	Thu Jan 10 13:32:34 2019 +0100
@@ -27,6 +27,7 @@
 endif()
 
 if (ENABLE_POSTGRESQL_BACKEND)
+  set(ENABLE_CRYPTO_OPTIONS ON)
   set(ENABLE_SSL ON)
   set(ENABLE_ZLIB ON)
 endif()
--- a/Resources/CMake/PostgreSQLConfiguration.cmake	Mon Dec 24 13:35:26 2018 +0100
+++ b/Resources/CMake/PostgreSQLConfiguration.cmake	Thu Jan 10 13:32:34 2019 +0100
@@ -230,6 +230,12 @@
     endif()
 
 
+    if (ENABLE_SSL)
+      set(HAVE_LIBSSL 1)
+      set(HAVE_SSL_GET_CURRENT_COMPRESSION 1)
+      set(USE_OPENSSL 1)
+    endif()
+
     execute_process(
       COMMAND 
       ${PYTHON_EXECUTABLE}
@@ -299,6 +305,12 @@
     ${LIBPQ_SOURCES_DIR}/src/backend/utils/mb/wchar.c
     )
 
+  if (ENABLE_SSL)
+    list(APPEND LIBPQ_SOURCES
+      ${LIBPQ_SOURCES_DIR}/src/interfaces/libpq/fe-secure-openssl.c
+      )
+  endif()
+
 
   if (CMAKE_SYSTEM_NAME STREQUAL "Linux")
     LIST(APPEND LIBPQ_SOURCES