Re: new libpq SSL connection option

Magnus Hagander wrote:
> Alex Hunsaker wrote:
>> On Sat, Dec 27, 2008 at 11:50, Andrew Chernow <ac@esilo.com> wrote:
>>> Why does pqGetHomeDirectory have to succeed to use conn->sslrootcert. Maybe
>>> this should be an OR of the two since sslrootcert is not dependent on
>>> homedir?
>>>
>>> around line 970 src/interfaces/libpq/fe-secure.c
>>>
>>> if (conn->sslrootcert || pqGetHomeDirectory(homedir, sizeof(homedir)))>>
>> Certainly, did we miss anywhere else?
>> 

Yes, the homedir variable is used again later in the function.  homedir could be 
invalid since pqGetHomeDirectory might not get called.  Maybe something like 
below would do the trick:

/* when used, it can't be an empty string. */
*homedir = 0;

/* If either are NULL, homedir is needed */
if (!conn->sslrootcert || !conn->sslcrl)  pqGetHomeDirectory(homedir, sizeof(homedir));

/* one of them must be valid */
if (conn->sslrootcert || *homedir)


> I agree it looks strange.
> 
> That said, have you actually seen a case where pqGetHomeDirectory()
> fails? Or did you just notice the code?
> 

It can fail.  For non-windows systems, it can fail on pqGetpwuid; which equates 
to getpwuid or getpwuid_r failing.  On windows, it can fail on SHGetFolderPath.  I really have no idea how likely
eitherfailure case is.
 

-- 
Andrew Chernow
eSilo, LLC
every bit counts
http://www.esilo.com/