I just noticed that if you have libpq with SSL support, but psql
without, we don't print any SSL information at all. Would it be
worthwhile to have it print that SSL is in use, even if we can't print
the details about the connection?
It's not something that's very common outside development scenarios, but
it would be trivial to implement. And the net would probably be a
code-win, since we could remove a number of #ifdef USE_SSL and replace
them with one - see attached (untested so may have typos) patch.
//Magnus
diff --git a/src/bin/psql/command.c b/src/bin/psql/command.c
index 84d3725..b8e18cb 100644
--- a/src/bin/psql/command.c
+++ b/src/bin/psql/command.c
@@ -64,9 +64,7 @@ static bool lookup_function_oid(PGconn *conn, const char *desc, Oid *foid);
static bool get_create_function_cmd(PGconn *conn, Oid oid, PQExpBuffer buf);
static void minimal_error_message(PGresult *res);
-#ifdef USE_SSL
static void printSSLInfo(void);
-#endif
#ifdef WIN32
static void checkWin32Codepage(void);
@@ -1327,9 +1325,7 @@ connection_warnings(void)
#ifdef WIN32
checkWin32Codepage();
#endif
-#ifdef USE_SSL
printSSLInfo();
-#endif
}
}
@@ -1339,10 +1335,10 @@ connection_warnings(void)
*
* Prints information about the current SSL connection, if SSL is in use
*/
-#ifdef USE_SSL
static void
printSSLInfo(void)
{
+#ifdef USE_SSL
int sslbits = -1;
SSL *ssl;
@@ -1353,8 +1349,11 @@ printSSLInfo(void)
SSL_get_cipher_bits(ssl, &sslbits);
printf(_("SSL connection (cipher: %s, bits: %i)\n"),
SSL_get_cipher(ssl), sslbits);
-}
+#else
+ if (PQgetssl(pset.db))
+ printf(_("SSL connection\n"));
#endif
+}
/*
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
