authorPeter Eisentraut2018-01-19 00:53:22 +0000
committerPeter Eisentraut2018-01-23 12:11:39 +0000
commitf966101d19fcef6441e43da417467b3ed5ad3074 (patch)
tree92ae8845d82cf11864592641e837ea93c7097ce0 /src/include/libpq
parent573bd08b99e277026e87bb55ae69c489fab321b8 (diff)
Move SSL API comments to header files
Move the documentation of what the SSL API calls are supposed to do into the header files, instead of keeping it in the files for the OpenSSL implementation. That way, it doesn't have to be duplicated or become inconsistent when other implementations are added.
Diffstat (limited to 'src/include/libpq')
-rw-r--r--src/include/libpq/libpq-be.h46
1 files changed, 46 insertions, 0 deletions
diff --git a/src/include/libpq/libpq-be.h b/src/include/libpq/libpq-be.h
index a38849b0d0b..584f794b9e5 100644
--- a/src/include/libpq/libpq-be.h
+++ b/src/include/libpq/libpq-be.h
@@ -216,19 +216,65 @@ CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==\n\
* These functions are implemented by the glue code specific to each
* SSL implementation (e.g. be-secure-openssl.c)
*/
+
+/*
+ * Initialize global SSL context.
+ *
+ * If isServerStart is true, report any errors as FATAL (so we don't return).
+ * Otherwise, log errors at LOG level and return -1 to indicate trouble,
+ * preserving the old SSL state if any. Returns 0 if OK.
+ */
extern int be_tls_init(bool isServerStart);
+
+/*
+ * Destroy global SSL context, if any.
+ */
extern void be_tls_destroy(void);
+
+/*
+ * Attempt to negotiate SSL connection.
+ */
extern int be_tls_open_server(Port *port);
+
+/*
+ * Close SSL connection.
+ */
extern void be_tls_close(Port *port);
+
+/*
+ * Read data from a secure connection.
+ */
extern ssize_t be_tls_read(Port *port, void *ptr, size_t len, int *waitfor);
+
+/*
+ * Write data to a secure connection.
+ */
extern ssize_t be_tls_write(Port *port, void *ptr, size_t len, int *waitfor);
+/*
+ * Return information about the SSL connection.
+ */
extern int be_tls_get_cipher_bits(Port *port);
extern bool be_tls_get_compression(Port *port);
extern void be_tls_get_version(Port *port, char *ptr, size_t len);
extern void be_tls_get_cipher(Port *port, char *ptr, size_t len);
extern void be_tls_get_peerdn_name(Port *port, char *ptr, size_t len);
+
+/*
+ * Get the expected TLS Finished message information from the client, useful
+ * for authorization when doing channel binding.
+ *
+ * Result is a palloc'd copy of the TLS Finished message with its size.
+ */
extern char *be_tls_get_peer_finished(Port *port, size_t *len);
+
+/*
+ * Get the server certificate hash for SCRAM channel binding type
+ * tls-server-end-point.
+ *
+ * The result is a palloc'd hash of the server certificate with its
+ * size, and NULL if there is no certificate available.
+ */
extern char *be_tls_get_certificate_hash(Port *port, size_t *len);
#endif
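Review bot: The new comments on be_tls_read and be_tls_write leave the `waitfor` out-parameter and the return-value/errno contract undocumented, although those are exactly what a caller driving a non-blocking secure connection needs from this header; a sentence such as `Returns the number of bytes transferred, or -1 with errno set; when the call would block, *waitfor is set to the event the caller must wait for` would make the declarations self-contained. The same gap exists for be_tls_open_server, whose comment says only that it attempts the negotiation and not what it returns on success or failure, and for be_tls_get_version, be_tls_get_cipher and be_tls_get_peerdn_name, where the `ptr, len` buffer contract (whether the result is always NUL-terminated, and what happens when the string does not fit in `len` bytes) is not stated. The comment for be_tls_get_peer_finished should also say whether it can return NULL, since the caller relies on the result for channel binding and must not dereference a missing value. The comment block above be_tls_get_cipher_bits is the only one not preceded by a blank line; if that is not a rendering artefact of this page, adding one keeps the layout consistent with the other blocks.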