The following bug has been logged online:

Bug reference: 4869
Logged by: Lars Kanis
Email address: ka...@comcard.de
PostgreSQL version: 8.4rc1
Operating system: Linux c1170lx 2.6.24-23-generic #1 SMP Wed Apr 1 21:47:28 UTC 2009 i686 GNU/Linux
Description: No proper initialization of OpenSSL-Engine in libpq
Details:

When using OpenSSL-engine pkcs11 with PGSSLKEY=pkcs11:id_45 the authentication to the PG-server fails with "engine not initialized". According to the OpenSSL-docs (http://www.openssl.org/docs/crypto/engine.html) the structural reference returned by ENGINE_by_id needs to be initialized first before use. The built-in engine doesn't need this, but most external engines don't work otherwise. Moreover the structural and functional references should be freed in any case. The following patch solves the problem:

diff -ur postgresql-8.4rc1.orig/src/interfaces/libpq/fe-secure.c postgresql-8.4rc1/src/interfaces/libpq/fe-secure.c --- postgresql-8.4rc1.orig/src/interfaces/libpq/fe-secure.c 2009-06-11 16:49:14.000000000 +0200 +++ postgresql-8.4rc1/src/interfaces/libpq/fe-secure.c 2009-06-22 10:56:38.000000000 +0200 @@ -689,6 +689,20 @@ ERR_pop_to_mark(); return 0; } + + if (ENGINE_init(engine_ptr) == 0) + { + char *err = SSLerrmessage(); + + printfPQExpBuffer(&conn->errorMessage, + libpq_gettext("could not initialize SSL engine \"%s\": %s\n"), + engine_str, err); + SSLerrfree(err); + ENGINE_free(engine_ptr); + free(engine_str); + ERR_pop_to_mark(); + return 0; + } *pkey = ENGINE_load_private_key(engine_ptr, engine_colon, NULL, NULL); @@ -700,6 +714,8 @@ libpq_gettext("could not read private SSL key \"%s\" from engine \"%s\": %s\n"), engine_colon, engine_str, err); SSLerrfree(err); + ENGINE_finish(engine_ptr); + ENGINE_free(engine_ptr); free(engine_str); ERR_pop_to_mark(); return 0;
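
Review bot: in the first hunk (@@ -689,6 +689,20 @@), the functional reference taken by the new ENGINE_init(engine_ptr) call is released only on the key-load failure branch touched by the second hunk; the visible lines show no ENGINE_finish or ENGINE_free for the case where ENGINE_load_private_key succeeds, although the report says both references should be freed in any case. Please show where the success path releases them. If the engine has to stay initialized while the loaded key is in use, one option is to keep engine_ptr in a field with the connection's lifetime and call ENGINE_finish followed by ENGINE_free when the SSL state is torn down, so a long-running client that reconnects does not accumulate engine references or leave a PKCS#11 session open.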
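
Review bot: in the second hunk (@@ -700,6 +714,8 @@), the key-load failure branch now repeats the teardown that the new ENGINE_init branch in the first hunk also spells out (SSLerrfree(err), ENGINE_free(engine_ptr), free(engine_str), ERR_pop_to_mark(), return 0), differing only by the extra ENGINE_finish(engine_ptr). The calls are right as written: ENGINE_finish is skipped where ENGINE_init failed and comes before ENGINE_free where it succeeded. Since that distinction is easy to get wrong in a later edit, consider a short comment on each branch stating which references are held at that point, or a single cleanup path that calls ENGINE_finish only when initialization succeeded.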