Fix for STARTTLS+socket of postgresql

As noted in #1249 STARTTLS with sockets doesn't
work.

This commit fixes that by correcting the STARTTLS
handshake for postgresql. It has to be sent via
sockets instead of echo. The server side then
responds with "S" when STARTTLS is supported. For this,
starttls_io() was slightly modified so that an input
(from the server's perspective) is no longer required.

It's fast too
This commit is contained in:
Dirk Wetter 2019-08-06 18:49:31 +02:00
parent 00d39693f3
commit 206c80aed5


@ -9821,8 +9821,13 @@ starttls_io() {
[[ -n "$3" ]] && waitsleep=$3 [[ -n "$3" ]] && waitsleep=$3
[[ -z "$2" ]] && echo "FIXME $((LINENO))" [[ -z "$2" ]] && echo "FIXME $((LINENO))"
# If there's a sending part it's IO. Postgres sends via socket and replies via
# strings "S". So there's no I part of IO ;-)
if [[ -n "$1" ]]; then
debugme echo -en "C: \"$1\"" debugme echo -en "C: \"$1\""
echo -en "$1" >&5 echo -en "$1" >&5
fi
# This seems a bit dangerous but works. No blockings yet. "if=nonblock" doesn't work on BSDs # This seems a bit dangerous but works. No blockings yet. "if=nonblock" doesn't work on BSDs
buffer="$(dd bs=512 count=1 <&5 2>/dev/null)" buffer="$(dd bs=512 count=1 <&5 2>/dev/null)"
@ -10005,9 +10010,9 @@ starttls_nntp_dialog() {
starttls_postgres_dialog() { starttls_postgres_dialog() {
debugme echo "=== starting postgres STARTTLS dialog ===" debugme echo "=== starting postgres STARTTLS dialog ==="
local init_tls="\x00\x00\x00\x08\x04\xD2\x16\x2F" local init_tls=",x00, x00 ,x00 ,x08 ,x04 ,xD2 ,x16 ,x2F"
starttls_just_send "${init_tls}" && debugme echo "initiated STARTTLS" && socksend "${init_tls}" 0 && debugme echo "initiated STARTTLS" &&
starttls_full_read '' '' 'S' && debugme echo "received ack for STARTTLS" starttls_io "" S 1 && debugme echo "received ack for STARTTLS"
local ret=$? local ret=$?
debugme echo "=== finished postgres STARTTLS dialog with ${ret} ===" debugme echo "=== finished postgres STARTTLS dialog with ${ret} ==="
return $ret return $ret
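Review bot: The acknowledgement check `starttls_io "" S 1` on the new side of starttls_postgres_dialog() passes a bare `S` as the expected reply, but the server's answer to an SSLRequest is exactly one byte, `S` or `N`; if starttls_io() matches `$2` as a substring of the 512-byte read buffer (that comparison lies past the visible part of the first hunk), a longer reply that merely contains an uppercase S, such as an ErrorResponse whose fields carry an `S` severity tag, would be reported as STARTTLS support and the TLS handshake would then run against a plaintext stream. Comparing only the first byte, e.g. `[[ "${buffer:0:1}" == S ]]`, and treating a leading `N` as an explicit refusal rather than a timeout would make the result reliable. The `#` and `;;` style aside, the `&&` chain feeding `local ret=$?` also depends on `debugme` returning 0 when debugging is off, which is not visible here; a short comment stating that assumption above the chain would help. The closing brace of starttls_postgres_dialog() falls outside this view.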