Refactor check for SSL connection

PQgetssl has been discouraged from use since postgres 9.5 since it
will risk false negatives if postgres supports other TLS libraries
than OpenSSL. Refactor to use PQsslInUse which has been available
since 9.5 for just this purpose.

diff --git a/configure.ac b/configure.ac
index 8453a29bd3508e37ab8ab541590af4ea224a56e9..090972a615b7cf33adfc81ecb708182053a36226 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -258,6 +258,8 @@ AC_C_CONST
 AC_FUNC_STRERROR_R
 AC_CHECK_FUNCS(strtoul strtoll strlcat mbstowcs wcstombs mbrtoc16 c16rtomb)
 
+AC_CHECK_FUNCS(PQsslInUse)
+
 if test "$enable_pthreads" = yes; then
   AC_CHECK_FUNCS(localtime_r strtok_r pthread_mutexattr_settype)
 

diff --git a/connection.c b/connection.c
index 070e043f23563eac7480767f68c4912ee8fda63a..02794ff2c845ce9fb141850fa95d476b08e51f6a 100644 (file)
--- a/connection.c
+++ b/connection.c
@@ -3263,10 +3263,13 @@ DLL_DECLARE int PgDtc_is_recovery_available(void *self, char *reason, int rsize)
    /*
     * Did we use SSL client certificate, SSPI, Kerberos or similar
     * authentication methods?
-    * There seems no way to check it directly.
     */
    doubtCert = FALSE;
+#ifdef HAVE_PQSSLINUSE
+   if (PQsslInUse(conn->pqconn))
+#else
    if (PQgetssl(conn->pqconn) != NULL)
+#endif
        doubtCert = TRUE;
 
    nameSize = sizeof(loginUser);