Don't bother to request SSL connection over a Unix socket, since the

postmaster won't accept the request anyway.  (If your kernel can't
be trusted, SSL will not help you.)

diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index 28eced2e9b0a9761e26fde3bf708e228db60cf23..772e54b8dbaf177d3be14035ee7486f831af090d 100644 (file)
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.181 2001/11/11 02:09:05 tgl Exp $
+ *   $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.182 2002/03/02 00:49:22 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -309,7 +309,8 @@ PQconnectStart(const char *conninfo)
    conn->pgpass = tmp ? strdup(tmp) : NULL;
 #ifdef USE_SSL
    tmp = conninfo_getval(connOptions, "requiressl");
-   conn->require_ssl = tmp ? (tmp[0] == '1' ? true : false) : false;
+   if (tmp && tmp[0] == '1')
+       conn->require_ssl = true;
 #endif
 
    /*
@@ -504,8 +505,6 @@ PQsetdbLogin(const char *pghost, const char *pgport, const char *pgoptions,
 #ifdef USE_SSL
    if ((tmp = getenv("PGREQUIRESSL")) != NULL)
        conn->require_ssl = (tmp[0] == '1') ? true : false;
-   else
-       conn->require_ssl = 0;
 #endif
 
    if (error)
@@ -871,6 +870,11 @@ connectDBStart(PGconn *conn)
    {
        UNIXSOCK_PATH(conn->raddr.un, portno, conn->pgunixsocket);
        conn->raddr_len = UNIXSOCK_LEN(conn->raddr.un);
+#ifdef USE_SSL
+       /* Don't bother requesting SSL over a Unix socket */
+       conn->allow_ssl_try = false;
+       conn->require_ssl = false;
+#endif
    }
 #endif