*** pgsql/src/backend/libpq/be-secure.c 2007/05/18 01:20:48 1.43.2.4 --- pgsql/src/backend/libpq/be-secure.c 2009/01/28 15:06:48 1.43.2.5 *************** *** 11,17 **** * * * IDENTIFICATION ! * $Header: /projects/cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.43.2.4 2007/05/18 01:20:48 tgl Exp $ * * Since the server static private key ($DataDir/server.key) * will normally be stored unencrypted so that the database --- 11,17 ---- * * * IDENTIFICATION ! * $Header: /projects/cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.43.2.5 2009/01/28 15:06:48 mha Exp $ * * Since the server static private key ($DataDir/server.key) * will normally be stored unencrypted so that the database *************** initialize_SSL(void) *** 700,706 **** * Load and verify certificate and private key */ snprintf(fnbuf, sizeof(fnbuf), "%s/server.crt", DataDir); ! if (!SSL_CTX_use_certificate_file(SSL_context, fnbuf, SSL_FILETYPE_PEM)) ereport(FATAL, (errcode(ERRCODE_CONFIG_FILE_ERROR), errmsg("could not load server certificate file \"%s\": %s", --- 700,706 ---- * Load and verify certificate and private key */ snprintf(fnbuf, sizeof(fnbuf), "%s/server.crt", DataDir); ! if (SSL_CTX_use_certificate_file(SSL_context, fnbuf, SSL_FILETYPE_PEM) != 1) ereport(FATAL, (errcode(ERRCODE_CONFIG_FILE_ERROR), errmsg("could not load server certificate file \"%s\": %s", *************** initialize_SSL(void) *** 720,731 **** fnbuf), errdetail("File must be owned by the database user and must have no permissions for \"group\" or \"other\"."))); ! if (!SSL_CTX_use_PrivateKey_file(SSL_context, fnbuf, SSL_FILETYPE_PEM)) ereport(FATAL, (errmsg("could not load private key file \"%s\": %s", fnbuf, SSLerrmessage()))); ! if (!SSL_CTX_check_private_key(SSL_context)) ereport(FATAL, (errmsg("check of private key failed: %s", SSLerrmessage()))); --- 720,731 ---- fnbuf), errdetail("File must be owned by the database user and must have no permissions for \"group\" or \"other\"."))); ! 
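Review bot: The new `!= 1` test on SSL_CTX_use_certificate_file() has no comment explaining why the plain `!` test was replaced, so a later cleanup could fold it back into the shorter form. A one-line comment above the call would record the convention: `/* OpenSSL reports success as exactly 1; treat every other return value as failure */`. The same comment fits the SSL_CTX_use_PrivateKey_file(), SSL_CTX_check_private_key() and SSL_CTX_load_verify_locations() checks changed in the later hunks. initialize_SSL() starts and ends outside this hunk.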
if (SSL_CTX_use_PrivateKey_file(SSL_context, fnbuf, SSL_FILETYPE_PEM) != 1) ereport(FATAL, (errmsg("could not load private key file \"%s\": %s", fnbuf, SSLerrmessage()))); ! if (SSL_CTX_check_private_key(SSL_context) != 1) ereport(FATAL, (errmsg("check of private key failed: %s", SSLerrmessage()))); *************** initialize_SSL(void) *** 741,747 **** /* accept client certificates, but don't require them. */ snprintf(fnbuf, sizeof(fnbuf), "%s/root.crt", DataDir); ! if (!SSL_CTX_load_verify_locations(SSL_context, fnbuf, CA_PATH)) { /* Not fatal - we do not require client certificates */ ereport(LOG, --- 741,747 ---- /* accept client certificates, but don't require them. */ snprintf(fnbuf, sizeof(fnbuf), "%s/root.crt", DataDir); ! if (SSL_CTX_load_verify_locations(SSL_context, fnbuf, CA_PATH) != 1) { /* Not fatal - we do not require client certificates */ ereport(LOG,
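Review bot: Both private-key failures in this hunk are raised without an error code, unlike the certificate load failure earlier in the same function, which passes `errcode(ERRCODE_CONFIG_FILE_ERROR)`. Putting `(errcode(ERRCODE_CONFIG_FILE_ERROR),` in front of the `errmsg("could not load private key file \"%s\": %s",` and `errmsg("check of private key failed: %s",` arguments would let log monitoring classify all three key-material failures the same way. The ownership and permission test whose errdetail opens this hunk lies outside it, so whether it inspects the same file that SSL_CTX_use_PrivateKey_file() then opens cannot be confirmed from here.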
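Review bot: Every failure of SSL_CTX_load_verify_locations() still takes the "Not fatal" branch, so a root.crt that exists but is unreadable or malformed is handled the same as one that is absent, and the server starts with only a LOG line. An operator who installed root.crt to have client certificates verified would get a server that silently does not verify them. Separating the two cases, with a `struct stat st` local and FATAL when the file is present but cannot be loaded, makes that misconfiguration stop startup. The rest of the LOG branch and of initialize_SSL() is outside the hunk, so what happens after the LOG call is not visible here.

```c
snprintf(fnbuf, sizeof(fnbuf), "%s/root.crt", DataDir);
if (stat(fnbuf, &st) != 0 && errno == ENOENT)
{
	/* … unchanged: LOG branch for the no-client-certificates case (body outside the hunk) … */
}
else if (SSL_CTX_load_verify_locations(SSL_context, fnbuf, CA_PATH) != 1)
	ereport(FATAL,
			(errcode(ERRCODE_CONFIG_FILE_ERROR),
			 errmsg("could not load root certificate file \"%s\": %s",
					fnbuf, SSLerrmessage())));
```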