summaryrefslogtreecommitdiffstats
path: root/vendor/github.com/lib
diff options
context:
space:
mode:
authorChristopher Speller <crspeller@gmail.com>2017-03-13 12:54:22 -0400
committerGitHub <noreply@github.com>2017-03-13 12:54:22 -0400
commitc281ee3b61e8ab53ff118866d72618ae8cce582b (patch)
tree776e7bdf6c8bfbb9a1dee5976496ab065959991f /vendor/github.com/lib
parent3ada7a41a7fb13abef19dd63dc56b720900dbaa9 (diff)
downloadchat-c281ee3b61e8ab53ff118866d72618ae8cce582b.tar.gz
chat-c281ee3b61e8ab53ff118866d72618ae8cce582b.tar.bz2
chat-c281ee3b61e8ab53ff118866d72618ae8cce582b.zip
Updating server dependancies. Also adding github.com/jaytaylor/html2text and gopkg.in/gomail.v2 (#5748)
Diffstat (limited to 'vendor/github.com/lib')
-rw-r--r--vendor/github.com/lib/pq/README.md2
-rw-r--r--vendor/github.com/lib/pq/conn.go92
-rw-r--r--vendor/github.com/lib/pq/conn_go18.go35
-rw-r--r--vendor/github.com/lib/pq/conn_test.go108
-rw-r--r--vendor/github.com/lib/pq/go18_test.go15
-rw-r--r--vendor/github.com/lib/pq/listen_example/doc.go24
-rw-r--r--vendor/github.com/lib/pq/notify_test.go24
-rw-r--r--vendor/github.com/lib/pq/oid/types.go12
-rw-r--r--vendor/github.com/lib/pq/ssl.go119
-rw-r--r--vendor/github.com/lib/pq/ssl_permissions.go16
-rw-r--r--vendor/github.com/lib/pq/ssl_test.go186
-rw-r--r--vendor/github.com/lib/pq/ssl_windows.go10
12 files changed, 361 insertions, 282 deletions
diff --git a/vendor/github.com/lib/pq/README.md b/vendor/github.com/lib/pq/README.md
index 5eb9e1445..7670fc87a 100644
--- a/vendor/github.com/lib/pq/README.md
+++ b/vendor/github.com/lib/pq/README.md
@@ -1,6 +1,6 @@
# pq - A pure Go postgres driver for Go's database/sql package
-[![Build Status](https://travis-ci.org/lib/pq.png?branch=master)](https://travis-ci.org/lib/pq)
+[![Build Status](https://travis-ci.org/lib/pq.svg?branch=master)](https://travis-ci.org/lib/pq)
## Install
diff --git a/vendor/github.com/lib/pq/conn.go b/vendor/github.com/lib/pq/conn.go
index 3c8f77cb6..4b2fb4462 100644
--- a/vendor/github.com/lib/pq/conn.go
+++ b/vendor/github.com/lib/pq/conn.go
@@ -133,7 +133,7 @@ type conn struct {
// Handle driver-side settings in parsed connection string.
func (c *conn) handleDriverSettings(o values) (err error) {
boolSetting := func(key string, val *bool) error {
- if value := o.Get(key); value != "" {
+ if value, ok := o[key]; ok {
if value == "yes" {
*val = true
} else if value == "no" {
@@ -158,8 +158,7 @@ func (c *conn) handleDriverSettings(o values) (err error) {
func (c *conn) handlePgpass(o values) {
// if a password was supplied, do not process .pgpass
- _, ok := o["password"]
- if ok {
+ if _, ok := o["password"]; ok {
return
}
filename := os.Getenv("PGPASSFILE")
@@ -187,11 +186,11 @@ func (c *conn) handlePgpass(o values) {
}
defer file.Close()
scanner := bufio.NewScanner(io.Reader(file))
- hostname := o.Get("host")
+ hostname := o["host"]
ntw, _ := network(o)
- port := o.Get("port")
- db := o.Get("dbname")
- username := o.Get("user")
+ port := o["port"]
+ db := o["dbname"]
+ username := o["user"]
// From: https://github.com/tg/pgpass/blob/master/reader.go
getFields := func(s string) []string {
fs := make([]string, 0, 5)
@@ -256,13 +255,13 @@ func DialOpen(d Dialer, name string) (_ driver.Conn, err error) {
// * Very low precedence defaults applied in every situation
// * Environment variables
// * Explicitly passed connection information
- o.Set("host", "localhost")
- o.Set("port", "5432")
+ o["host"] = "localhost"
+ o["port"] = "5432"
// N.B.: Extra float digits should be set to 3, but that breaks
// Postgres 8.4 and older, where the max is 2.
- o.Set("extra_float_digits", "2")
+ o["extra_float_digits"] = "2"
for k, v := range parseEnviron(os.Environ()) {
- o.Set(k, v)
+ o[k] = v
}
if strings.HasPrefix(name, "postgres://") || strings.HasPrefix(name, "postgresql://") {
@@ -277,9 +276,9 @@ func DialOpen(d Dialer, name string) (_ driver.Conn, err error) {
}
// Use the "fallback" application name if necessary
- if fallback := o.Get("fallback_application_name"); fallback != "" {
- if !o.Isset("application_name") {
- o.Set("application_name", fallback)
+ if fallback, ok := o["fallback_application_name"]; ok {
+ if _, ok := o["application_name"]; !ok {
+ o["application_name"] = fallback
}
}
@@ -290,29 +289,29 @@ func DialOpen(d Dialer, name string) (_ driver.Conn, err error) {
// parsing its value is not worth it. Instead, we always explicitly send
// client_encoding as a separate run-time parameter, which should override
// anything set in options.
- if enc := o.Get("client_encoding"); enc != "" && !isUTF8(enc) {
+ if enc, ok := o["client_encoding"]; ok && !isUTF8(enc) {
return nil, errors.New("client_encoding must be absent or 'UTF8'")
}
- o.Set("client_encoding", "UTF8")
+ o["client_encoding"] = "UTF8"
// DateStyle needs a similar treatment.
- if datestyle := o.Get("datestyle"); datestyle != "" {
+ if datestyle, ok := o["datestyle"]; ok {
if datestyle != "ISO, MDY" {
panic(fmt.Sprintf("setting datestyle must be absent or %v; got %v",
"ISO, MDY", datestyle))
}
} else {
- o.Set("datestyle", "ISO, MDY")
+ o["datestyle"] = "ISO, MDY"
}
// If a user is not provided by any other means, the last
// resort is to use the current operating system provided user
// name.
- if o.Get("user") == "" {
+ if _, ok := o["user"]; !ok {
u, err := userCurrent()
if err != nil {
return nil, err
} else {
- o.Set("user", u)
+ o["user"] = u
}
}
@@ -335,7 +334,7 @@ func DialOpen(d Dialer, name string) (_ driver.Conn, err error) {
cn.startup(o)
// reset the deadline, in case one was set (see dial)
- if timeout := o.Get("connect_timeout"); timeout != "" && timeout != "0" {
+ if timeout, ok := o["connect_timeout"]; ok && timeout != "0" {
err = cn.c.SetDeadline(time.Time{})
}
return cn, err
@@ -349,7 +348,7 @@ func dial(d Dialer, o values) (net.Conn, error) {
}
// Zero or not specified means wait indefinitely.
- if timeout := o.Get("connect_timeout"); timeout != "" && timeout != "0" {
+ if timeout, ok := o["connect_timeout"]; ok && timeout != "0" {
seconds, err := strconv.ParseInt(timeout, 10, 0)
if err != nil {
return nil, fmt.Errorf("invalid value for parameter connect_timeout: %s", err)
@@ -371,31 +370,18 @@ func dial(d Dialer, o values) (net.Conn, error) {
}
func network(o values) (string, string) {
- host := o.Get("host")
+ host := o["host"]
if strings.HasPrefix(host, "/") {
- sockPath := path.Join(host, ".s.PGSQL."+o.Get("port"))
+ sockPath := path.Join(host, ".s.PGSQL."+o["port"])
return "unix", sockPath
}
- return "tcp", net.JoinHostPort(host, o.Get("port"))
+ return "tcp", net.JoinHostPort(host, o["port"])
}
type values map[string]string
-func (vs values) Set(k, v string) {
- vs[k] = v
-}
-
-func (vs values) Get(k string) (v string) {
- return vs[k]
-}
-
-func (vs values) Isset(k string) bool {
- _, ok := vs[k]
- return ok
-}
-
// scanner implements a tokenizer for libpq-style option strings.
type scanner struct {
s []rune
@@ -466,7 +452,7 @@ func parseOpts(name string, o values) error {
// Skip any whitespace after the =
if r, ok = s.SkipSpaces(); !ok {
// If we reach the end here, the last value is just an empty string as per libpq.
- o.Set(string(keyRunes), "")
+ o[string(keyRunes)] = ""
break
}
@@ -501,7 +487,7 @@ func parseOpts(name string, o values) error {
}
}
- o.Set(string(keyRunes), string(valRunes))
+ o[string(keyRunes)] = string(valRunes)
}
return nil
@@ -665,6 +651,12 @@ func (cn *conn) simpleQuery(q string) (res *rows, err error) {
cn: cn,
}
}
+ // Set the result and tag to the last command complete if there wasn't a
+ // query already run. Although queries usually return from here and cede
+ // control to Next, a query with zero results does not.
+ if t == 'C' && res.colNames == nil {
+ res.result, res.tag = cn.parseComplete(r.string())
+ }
res.done = true
case 'Z':
cn.processReadyForQuery(r)
@@ -1119,7 +1111,7 @@ func (cn *conn) auth(r *readBuf, o values) {
// OK
case 3:
w := cn.writeBuf('p')
- w.string(o.Get("password"))
+ w.string(o["password"])
cn.send(w)
t, r := cn.recv()
@@ -1133,7 +1125,7 @@ func (cn *conn) auth(r *readBuf, o values) {
case 5:
s := string(r.next(4))
w := cn.writeBuf('p')
- w.string("md5" + md5s(md5s(o.Get("password")+o.Get("user"))+s))
+ w.string("md5" + md5s(md5s(o["password"]+o["user"])+s))
cn.send(w)
t, r := cn.recv()
@@ -1333,6 +1325,8 @@ type rows struct {
colFmts []format
done bool
rb readBuf
+ result driver.Result
+ tag string
}
func (rs *rows) Close() error {
@@ -1356,6 +1350,17 @@ func (rs *rows) Columns() []string {
return rs.colNames
}
+func (rs *rows) Result() driver.Result {
+ if rs.result == nil {
+ return emptyRows
+ }
+ return rs.result
+}
+
+func (rs *rows) Tag() string {
+ return rs.tag
+}
+
func (rs *rows) Next(dest []driver.Value) (err error) {
if rs.done {
return io.EOF
@@ -1373,6 +1378,9 @@ func (rs *rows) Next(dest []driver.Value) (err error) {
case 'E':
err = parseError(&rs.rb)
case 'C', 'I':
+ if t == 'C' {
+ rs.result, rs.tag = conn.parseComplete(rs.rb.string())
+ }
continue
case 'Z':
conn.processReadyForQuery(&rs.rb)
diff --git a/vendor/github.com/lib/pq/conn_go18.go b/vendor/github.com/lib/pq/conn_go18.go
index 0aca1d002..43cc35f7b 100644
--- a/vendor/github.com/lib/pq/conn_go18.go
+++ b/vendor/github.com/lib/pq/conn_go18.go
@@ -14,10 +14,7 @@ func (cn *conn) QueryContext(ctx context.Context, query string, args []driver.Na
for i, nv := range args {
list[i] = nv.Value
}
- var closed chan<- struct{}
- if ctx.Done() != nil {
- closed = watchCancel(ctx, cn.cancel)
- }
+ closed := cn.watchCancel(ctx)
r, err := cn.query(query, list)
if err != nil {
return nil, err
@@ -33,8 +30,7 @@ func (cn *conn) ExecContext(ctx context.Context, query string, args []driver.Nam
list[i] = nv.Value
}
- if ctx.Done() != nil {
- closed := watchCancel(ctx, cn.cancel)
+ if closed := cn.watchCancel(ctx); closed != nil {
defer close(closed)
}
@@ -53,22 +49,23 @@ func (cn *conn) BeginTx(ctx context.Context, opts driver.TxOptions) (driver.Tx,
if err != nil {
return nil, err
}
- if ctx.Done() != nil {
- cn.txnClosed = watchCancel(ctx, cn.cancel)
- }
+ cn.txnClosed = cn.watchCancel(ctx)
return tx, nil
}
-func watchCancel(ctx context.Context, cancel func()) chan<- struct{} {
- closed := make(chan struct{})
- go func() {
- select {
- case <-ctx.Done():
- cancel()
- case <-closed:
- }
- }()
- return closed
+func (cn *conn) watchCancel(ctx context.Context) chan<- struct{} {
+ if done := ctx.Done(); done != nil {
+ closed := make(chan struct{})
+ go func() {
+ select {
+ case <-done:
+ cn.cancel()
+ case <-closed:
+ }
+ }()
+ return closed
+ }
+ return nil
}
func (cn *conn) cancel() {
diff --git a/vendor/github.com/lib/pq/conn_test.go b/vendor/github.com/lib/pq/conn_test.go
index 183e6dcd6..c9135b727 100644
--- a/vendor/github.com/lib/pq/conn_test.go
+++ b/vendor/github.com/lib/pq/conn_test.go
@@ -191,7 +191,7 @@ localhost:*:*:*:pass_C
pgpass.Close()
assertPassword := func(extra values, expected string) {
- o := &values{
+ o := values{
"host": "localhost",
"sslmode": "disable",
"connect_timeout": "20",
@@ -203,11 +203,11 @@ localhost:*:*:*:pass_C
"datestyle": "ISO, MDY",
}
for k, v := range extra {
- (*o)[k] = v
+ o[k] = v
}
- (&conn{}).handlePgpass(*o)
- if o.Get("password") != expected {
- t.Fatalf("For %v expected %s got %s", extra, expected, o.Get("password"))
+ (&conn{}).handlePgpass(o)
+ if pw := o["password"]; pw != expected {
+ t.Fatalf("For %v expected %s got %s", extra, expected, pw)
}
}
// wrong permissions for the pgpass file means it should be ignored
@@ -686,17 +686,28 @@ func TestCloseBadConn(t *testing.T) {
if err := cn.Close(); err != nil {
t.Fatal(err)
}
+
+ // During the Go 1.9 cycle, https://github.com/golang/go/commit/3792db5
+ // changed this error from
+ //
+ // net.errClosing = errors.New("use of closed network connection")
+ //
+ // to
+ //
+ // internal/poll.ErrClosing = errors.New("use of closed file or network connection")
+ const errClosing = "use of closed"
+
// Verify write after closing fails.
if _, err := nc.Write(nil); err == nil {
t.Fatal("expected error")
- } else if !strings.Contains(err.Error(), "use of closed network connection") {
- t.Fatalf("expected use of closed network connection error, got %s", err)
+ } else if !strings.Contains(err.Error(), errClosing) {
+ t.Fatalf("expected %s error, got %s", errClosing, err)
}
// Verify second close fails.
if err := cn.Close(); err == nil {
t.Fatal("expected error")
- } else if !strings.Contains(err.Error(), "use of closed network connection") {
- t.Fatalf("expected use of closed network connection error, got %s", err)
+ } else if !strings.Contains(err.Error(), errClosing) {
+ t.Fatalf("expected %s error, got %s", errClosing, err)
}
}
@@ -1493,3 +1504,82 @@ func TestQuoteIdentifier(t *testing.T) {
}
}
}
+
+func TestRowsResultTag(t *testing.T) {
+ type ResultTag interface {
+ Result() driver.Result
+ Tag() string
+ }
+
+ tests := []struct {
+ query string
+ tag string
+ ra int64
+ }{
+ {
+ query: "CREATE TEMP TABLE temp (a int)",
+ tag: "CREATE TABLE",
+ },
+ {
+ query: "INSERT INTO temp VALUES (1), (2)",
+ tag: "INSERT",
+ ra: 2,
+ },
+ {
+ query: "SELECT 1",
+ },
+ // A SELECT anywhere should take precedent.
+ {
+ query: "SELECT 1; INSERT INTO temp VALUES (1), (2)",
+ },
+ {
+ query: "INSERT INTO temp VALUES (1), (2); SELECT 1",
+ },
+ // Multiple statements that don't return rows should return the last tag.
+ {
+ query: "CREATE TEMP TABLE t (a int); DROP TABLE t",
+ tag: "DROP TABLE",
+ },
+ // Ensure a rows-returning query in any position among various tags-returing
+ // statements will prefer the rows.
+ {
+ query: "SELECT 1; CREATE TEMP TABLE t (a int); DROP TABLE t",
+ },
+ {
+ query: "CREATE TEMP TABLE t (a int); SELECT 1; DROP TABLE t",
+ },
+ {
+ query: "CREATE TEMP TABLE t (a int); DROP TABLE t; SELECT 1",
+ },
+ // Verify that an no-results query doesn't set the tag.
+ {
+ query: "CREATE TEMP TABLE t (a int); SELECT 1 WHERE FALSE; DROP TABLE t;",
+ },
+ }
+
+ // If this is the only test run, this will correct the connection string.
+ openTestConn(t).Close()
+
+ conn, err := Open("")
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer conn.Close()
+ q := conn.(driver.Queryer)
+
+ for _, test := range tests {
+ if rows, err := q.Query(test.query, nil); err != nil {
+ t.Fatalf("%s: %s", test.query, err)
+ } else {
+ r := rows.(ResultTag)
+ if tag := r.Tag(); tag != test.tag {
+ t.Fatalf("%s: unexpected tag %q", test.query, tag)
+ }
+ res := r.Result()
+ if ra, _ := res.RowsAffected(); ra != test.ra {
+ t.Fatalf("%s: unexpected rows affected: %d", test.query, ra)
+ }
+ rows.Close()
+ }
+ }
+}
diff --git a/vendor/github.com/lib/pq/go18_test.go b/vendor/github.com/lib/pq/go18_test.go
index 15546d865..5d17e4d92 100644
--- a/vendor/github.com/lib/pq/go18_test.go
+++ b/vendor/github.com/lib/pq/go18_test.go
@@ -79,10 +79,7 @@ func TestContextCancelExec(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background())
// Delay execution for just a bit until db.ExecContext has begun.
- go func() {
- time.Sleep(time.Millisecond * 10)
- cancel()
- }()
+ defer time.AfterFunc(time.Millisecond*10, cancel).Stop()
// Not canceled until after the exec has started.
if _, err := db.ExecContext(ctx, "select pg_sleep(1)"); err == nil {
@@ -106,10 +103,7 @@ func TestContextCancelQuery(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background())
// Delay execution for just a bit until db.QueryContext has begun.
- go func() {
- time.Sleep(time.Millisecond * 10)
- cancel()
- }()
+ defer time.AfterFunc(time.Millisecond*10, cancel).Stop()
// Not canceled until after the exec has started.
if _, err := db.QueryContext(ctx, "select pg_sleep(1)"); err == nil {
@@ -137,10 +131,7 @@ func TestContextCancelBegin(t *testing.T) {
}
// Delay execution for just a bit until tx.Exec has begun.
- go func() {
- time.Sleep(time.Millisecond * 10)
- cancel()
- }()
+ defer time.AfterFunc(time.Millisecond*10, cancel).Stop()
// Not canceled until after the exec has started.
if _, err := tx.Exec("select pg_sleep(1)"); err == nil {
diff --git a/vendor/github.com/lib/pq/listen_example/doc.go b/vendor/github.com/lib/pq/listen_example/doc.go
index 5bc99f5c1..80f0a9b97 100644
--- a/vendor/github.com/lib/pq/listen_example/doc.go
+++ b/vendor/github.com/lib/pq/listen_example/doc.go
@@ -51,21 +51,15 @@ mechanism to avoid polling the database while waiting for more work to arrive.
}
func waitForNotification(l *pq.Listener) {
- for {
- select {
- case <-l.Notify:
- fmt.Println("received notification, new work available")
- return
- case <-time.After(90 * time.Second):
- go func() {
- l.Ping()
- }()
- // Check if there's more work available, just in case it takes
- // a while for the Listener to notice connection loss and
- // reconnect.
- fmt.Println("received no work for 90 seconds, checking for new work")
- return
- }
+ select {
+ case <-l.Notify:
+ fmt.Println("received notification, new work available")
+ case <-time.After(90 * time.Second):
+ go l.Ping()
+ // Check if there's more work available, just in case it takes
+ // a while for the Listener to notice connection loss and
+ // reconnect.
+ fmt.Println("received no work for 90 seconds, checking for new work")
}
}
diff --git a/vendor/github.com/lib/pq/notify_test.go b/vendor/github.com/lib/pq/notify_test.go
index fe8941a4e..82a77e1eb 100644
--- a/vendor/github.com/lib/pq/notify_test.go
+++ b/vendor/github.com/lib/pq/notify_test.go
@@ -7,7 +7,6 @@ import (
"os"
"runtime"
"sync"
- "sync/atomic"
"testing"
"time"
)
@@ -235,15 +234,10 @@ func TestConnExecDeadlock(t *testing.T) {
// calls Close on the net.Conn; equivalent to a network failure
l.Close()
- var done int32 = 0
- go func() {
- time.Sleep(10 * time.Second)
- if atomic.LoadInt32(&done) != 1 {
- panic("timed out")
- }
- }()
+ defer time.AfterFunc(10*time.Second, func() {
+ panic("timed out")
+ }).Stop()
wg.Wait()
- atomic.StoreInt32(&done, 1)
}
// Test for ListenerConn being closed while a slow query is executing
@@ -271,15 +265,11 @@ func TestListenerConnCloseWhileQueryIsExecuting(t *testing.T) {
if err != nil {
t.Fatal(err)
}
- var done int32 = 0
- go func() {
- time.Sleep(10 * time.Second)
- if atomic.LoadInt32(&done) != 1 {
- panic("timed out")
- }
- }()
+
+ defer time.AfterFunc(10*time.Second, func() {
+ panic("timed out")
+ }).Stop()
wg.Wait()
- atomic.StoreInt32(&done, 1)
}
func TestNotifyExtra(t *testing.T) {
diff --git a/vendor/github.com/lib/pq/oid/types.go b/vendor/github.com/lib/pq/oid/types.go
index 03df05a61..a3390c23a 100644
--- a/vendor/github.com/lib/pq/oid/types.go
+++ b/vendor/github.com/lib/pq/oid/types.go
@@ -18,6 +18,7 @@ const (
T_xid Oid = 28
T_cid Oid = 29
T_oidvector Oid = 30
+ T_pg_ddl_command Oid = 32
T_pg_type Oid = 71
T_pg_attribute Oid = 75
T_pg_proc Oid = 81
@@ -28,6 +29,7 @@ const (
T_pg_node_tree Oid = 194
T__json Oid = 199
T_smgr Oid = 210
+ T_index_am_handler Oid = 325
T_point Oid = 600
T_lseg Oid = 601
T_path Oid = 602
@@ -133,6 +135,9 @@ const (
T__uuid Oid = 2951
T_txid_snapshot Oid = 2970
T_fdw_handler Oid = 3115
+ T_pg_lsn Oid = 3220
+ T__pg_lsn Oid = 3221
+ T_tsm_handler Oid = 3310
T_anyenum Oid = 3500
T_tsvector Oid = 3614
T_tsquery Oid = 3615
@@ -144,6 +149,8 @@ const (
T__regconfig Oid = 3735
T_regdictionary Oid = 3769
T__regdictionary Oid = 3770
+ T_jsonb Oid = 3802
+ T__jsonb Oid = 3807
T_anyrange Oid = 3831
T_event_trigger Oid = 3838
T_int4range Oid = 3904
@@ -158,4 +165,9 @@ const (
T__daterange Oid = 3913
T_int8range Oid = 3926
T__int8range Oid = 3927
+ T_pg_shseclabel Oid = 4066
+ T_regnamespace Oid = 4089
+ T__regnamespace Oid = 4090
+ T_regrole Oid = 4096
+ T__regrole Oid = 4097
)
diff --git a/vendor/github.com/lib/pq/ssl.go b/vendor/github.com/lib/pq/ssl.go
index b282ebd92..7deb30436 100644
--- a/vendor/github.com/lib/pq/ssl.go
+++ b/vendor/github.com/lib/pq/ssl.go
@@ -15,7 +15,7 @@ import (
func ssl(o values) func(net.Conn) net.Conn {
verifyCaOnly := false
tlsConf := tls.Config{}
- switch mode := o.Get("sslmode"); mode {
+ switch mode := o["sslmode"]; mode {
// "require" is the default.
case "", "require":
// We must skip TLS's own verification since it requires full
@@ -23,15 +23,19 @@ func ssl(o values) func(net.Conn) net.Conn {
tlsConf.InsecureSkipVerify = true
// From http://www.postgresql.org/docs/current/static/libpq-ssl.html:
- // Note: For backwards compatibility with earlier versions of PostgreSQL, if a
- // root CA file exists, the behavior of sslmode=require will be the same as
- // that of verify-ca, meaning the server certificate is validated against the
- // CA. Relying on this behavior is discouraged, and applications that need
- // certificate validation should always use verify-ca or verify-full.
- if _, err := os.Stat(o.Get("sslrootcert")); err == nil {
- verifyCaOnly = true
- } else {
- o.Set("sslrootcert", "")
+ //
+ // Note: For backwards compatibility with earlier versions of
+ // PostgreSQL, if a root CA file exists, the behavior of
+ // sslmode=require will be the same as that of verify-ca, meaning the
+ // server certificate is validated against the CA. Relying on this
+ // behavior is discouraged, and applications that need certificate
+ // validation should always use verify-ca or verify-full.
+ if sslrootcert, ok := o["sslrootcert"]; ok {
+ if _, err := os.Stat(sslrootcert); err == nil {
+ verifyCaOnly = true
+ } else {
+ delete(o, "sslrootcert")
+ }
}
case "verify-ca":
// We must skip TLS's own verification since it requires full
@@ -39,7 +43,7 @@ func ssl(o values) func(net.Conn) net.Conn {
tlsConf.InsecureSkipVerify = true
verifyCaOnly = true
case "verify-full":
- tlsConf.ServerName = o.Get("host")
+ tlsConf.ServerName = o["host"]
case "disable":
return nil
default:
@@ -64,38 +68,43 @@ func ssl(o values) func(net.Conn) net.Conn {
// in the user's home directory. The configured files must exist and have
// the correct permissions.
func sslClientCertificates(tlsConf *tls.Config, o values) {
- sslkey := o.Get("sslkey")
- sslcert := o.Get("sslcert")
-
- var cinfo, kinfo os.FileInfo
- var err error
+ // user.Current() might fail when cross-compiling. We have to ignore the
+ // error and continue without home directory defaults, since we wouldn't
+ // know from where to load them.
+ user, _ := user.Current()
+
+ // In libpq, the client certificate is only loaded if the setting is not blank.
+ //
+ // https://github.com/postgres/postgres/blob/REL9_6_2/src/interfaces/libpq/fe-secure-openssl.c#L1036-L1037
+ sslcert := o["sslcert"]
+ if len(sslcert) == 0 && user != nil {
+ sslcert = filepath.Join(user.HomeDir, ".postgresql", "postgresql.crt")
+ }
+ // https://github.com/postgres/postgres/blob/REL9_6_2/src/interfaces/libpq/fe-secure-openssl.c#L1045
+ if len(sslcert) == 0 {
+ return
+ }
+ // https://github.com/postgres/postgres/blob/REL9_6_2/src/interfaces/libpq/fe-secure-openssl.c#L1050:L1054
+ if _, err := os.Stat(sslcert); os.IsNotExist(err) {
+ return
+ } else if err != nil {
+ panic(err)
+ }
- if sslcert != "" && sslkey != "" {
- // Check that both files exist. Note that we don't do any more extensive
- // checks than this (such as checking that the paths aren't directories);
- // LoadX509KeyPair() will take care of the rest.
- cinfo, err = os.Stat(sslcert)
- if err != nil {
- panic(err)
- }
+ // In libpq, the ssl key is only loaded if the setting is not blank.
+ //
+ // https://github.com/postgres/postgres/blob/REL9_6_2/src/interfaces/libpq/fe-secure-openssl.c#L1123-L1222
+ sslkey := o["sslkey"]
+ if len(sslkey) == 0 && user != nil {
+ sslkey = filepath.Join(user.HomeDir, ".postgresql", "postgresql.key")
+ }
- kinfo, err = os.Stat(sslkey)
- if err != nil {
+ if len(sslkey) > 0 {
+ if err := sslKeyPermissions(sslkey); err != nil {
panic(err)
}
- } else {
- // Automatically find certificates from ~/.postgresql
- sslcert, sslkey, cinfo, kinfo = sslHomeCertificates()
-
- if cinfo == nil || kinfo == nil {
- // No certificates to load
- return
- }
}
- // The files must also have the correct permissions
- sslCertificatePermissions(cinfo, kinfo)
-
cert, err := tls.LoadX509KeyPair(sslcert, sslkey)
if err != nil {
panic(err)
@@ -105,7 +114,10 @@ func sslClientCertificates(tlsConf *tls.Config, o values) {
// sslCertificateAuthority adds the RootCA specified in the "sslrootcert" setting.
func sslCertificateAuthority(tlsConf *tls.Config, o values) {
- if sslrootcert := o.Get("sslrootcert"); sslrootcert != "" {
+ // In libpq, the root certificate is only loaded if the setting is not blank.
+ //
+ // https://github.com/postgres/postgres/blob/REL9_6_2/src/interfaces/libpq/fe-secure-openssl.c#L950-L951
+ if sslrootcert := o["sslrootcert"]; len(sslrootcert) > 0 {
tlsConf.RootCAs = x509.NewCertPool()
cert, err := ioutil.ReadFile(sslrootcert)
@@ -113,41 +125,12 @@ func sslCertificateAuthority(tlsConf *tls.Config, o values) {
panic(err)
}
- ok := tlsConf.RootCAs.AppendCertsFromPEM(cert)
- if !ok {
+ if !tlsConf.RootCAs.AppendCertsFromPEM(cert) {
errorf("couldn't parse pem in sslrootcert")
}
}
}
-// sslHomeCertificates returns the path and stats of certificates in the current
-// user's home directory.
-func sslHomeCertificates() (cert, key string, cinfo, kinfo os.FileInfo) {
- user, err := user.Current()
-
- if err != nil {
- // user.Current() might fail when cross-compiling. We have to ignore the
- // error and continue without client certificates, since we wouldn't know
- // from where to load them.
- return
- }
-
- cert = filepath.Join(user.HomeDir, ".postgresql", "postgresql.crt")
- key = filepath.Join(user.HomeDir, ".postgresql", "postgresql.key")
-
- cinfo, err = os.Stat(cert)
- if err != nil {
- cinfo = nil
- }
-
- kinfo, err = os.Stat(key)
- if err != nil {
- kinfo = nil
- }
-
- return
-}
-
// sslVerifyCertificateAuthority carries out a TLS handshake to the server and
// verifies the presented certificate against the CA, i.e. the one specified in
// sslrootcert or the system CA if sslrootcert was not specified.
diff --git a/vendor/github.com/lib/pq/ssl_permissions.go b/vendor/github.com/lib/pq/ssl_permissions.go
index 33076a8da..3b7c3a2a3 100644
--- a/vendor/github.com/lib/pq/ssl_permissions.go
+++ b/vendor/github.com/lib/pq/ssl_permissions.go
@@ -4,13 +4,17 @@ package pq
import "os"
-// sslCertificatePermissions checks the permissions on user-supplied certificate
-// files. The key file should have very little access.
+// sslKeyPermissions checks the permissions on user-supplied ssl key files.
+// The key file should have very little access.
//
// libpq does not check key file permissions on Windows.
-func sslCertificatePermissions(cert, key os.FileInfo) {
- kmode := key.Mode()
- if kmode != kmode&0600 {
- panic(ErrSSLKeyHasWorldPermissions)
+func sslKeyPermissions(sslkey string) error {
+ info, err := os.Stat(sslkey)
+ if err != nil {
+ return err
}
+ if info.Mode().Perm()&0077 != 0 {
+ return ErrSSLKeyHasWorldPermissions
+ }
+ return nil
}
diff --git a/vendor/github.com/lib/pq/ssl_test.go b/vendor/github.com/lib/pq/ssl_test.go
index f70a5fd57..3eafbfd20 100644
--- a/vendor/github.com/lib/pq/ssl_test.go
+++ b/vendor/github.com/lib/pq/ssl_test.go
@@ -6,7 +6,6 @@ import (
_ "crypto/sha256"
"crypto/x509"
"database/sql"
- "fmt"
"os"
"path/filepath"
"testing"
@@ -42,10 +41,13 @@ func openSSLConn(t *testing.T, conninfo string) (*sql.DB, error) {
}
func checkSSLSetup(t *testing.T, conninfo string) {
- db, err := openSSLConn(t, conninfo)
- if err == nil {
- db.Close()
- t.Fatalf("expected error with conninfo=%q", conninfo)
+ _, err := openSSLConn(t, conninfo)
+ if pge, ok := err.(*Error); ok {
+ if pge.Code.Name() != "invalid_authorization_specification" {
+ t.Fatalf("unexpected error code '%s'", pge.Code.Name())
+ }
+ } else {
+ t.Fatalf("expected %T, got %v", (*Error)(nil), err)
}
}
@@ -150,120 +152,128 @@ func TestSSLVerifyCA(t *testing.T) {
checkSSLSetup(t, "sslmode=disable user=pqgossltest")
// Not OK according to the system CA
- _, err := openSSLConn(t, "host=postgres sslmode=verify-ca user=pqgossltest")
- if err == nil {
- t.Fatal("expected error")
+ {
+ _, err := openSSLConn(t, "host=postgres sslmode=verify-ca user=pqgossltest")
+ if _, ok := err.(x509.UnknownAuthorityError); !ok {
+ t.Fatalf("expected %T, got %#+v", x509.UnknownAuthorityError{}, err)
+ }
}
- _, ok := err.(x509.UnknownAuthorityError)
- if !ok {
- t.Fatalf("expected x509.UnknownAuthorityError, got %#+v", err)
+
+ // Still not OK according to the system CA; empty sslrootcert is treated as unspecified.
+ {
+ _, err := openSSLConn(t, "host=postgres sslmode=verify-ca user=pqgossltest sslrootcert=''")
+ if _, ok := err.(x509.UnknownAuthorityError); !ok {
+ t.Fatalf("expected %T, got %#+v", x509.UnknownAuthorityError{}, err)
+ }
}
rootCertPath := filepath.Join(os.Getenv("PQSSLCERTTEST_PATH"), "root.crt")
rootCert := "sslrootcert=" + rootCertPath + " "
// No match on Common Name, but that's OK
- _, err = openSSLConn(t, rootCert+"host=127.0.0.1 sslmode=verify-ca user=pqgossltest")
- if err != nil {
+ if _, err := openSSLConn(t, rootCert+"host=127.0.0.1 sslmode=verify-ca user=pqgossltest"); err != nil {
t.Fatal(err)
}
// Everything OK
- _, err = openSSLConn(t, rootCert+"host=postgres sslmode=verify-ca user=pqgossltest")
- if err != nil {
+ if _, err := openSSLConn(t, rootCert+"host=postgres sslmode=verify-ca user=pqgossltest"); err != nil {
t.Fatal(err)
}
}
-func getCertConninfo(t *testing.T, source string) string {
- var sslkey string
- var sslcert string
-
- certpath := os.Getenv("PQSSLCERTTEST_PATH")
-
- switch source {
- case "missingkey":
- sslkey = "/tmp/filedoesnotexist"
- sslcert = filepath.Join(certpath, "postgresql.crt")
- case "missingcert":
- sslkey = filepath.Join(certpath, "postgresql.key")
- sslcert = "/tmp/filedoesnotexist"
- case "certtwice":
- sslkey = filepath.Join(certpath, "postgresql.crt")
- sslcert = filepath.Join(certpath, "postgresql.crt")
- case "valid":
- sslkey = filepath.Join(certpath, "postgresql.key")
- sslcert = filepath.Join(certpath, "postgresql.crt")
- default:
- t.Fatalf("invalid source %q", source)
- }
- return fmt.Sprintf("sslmode=require user=pqgosslcert sslkey=%s sslcert=%s", sslkey, sslcert)
-}
-
// Authenticate over SSL using client certificates
func TestSSLClientCertificates(t *testing.T) {
maybeSkipSSLTests(t)
// Environment sanity check: should fail without SSL
checkSSLSetup(t, "sslmode=disable user=pqgossltest")
- // Should also fail without a valid certificate
- db, err := openSSLConn(t, "sslmode=require user=pqgosslcert")
- if err == nil {
- db.Close()
- t.Fatal("expected error")
- }
- pge, ok := err.(*Error)
- if !ok {
- t.Fatal("expected pq.Error")
+ const baseinfo = "sslmode=require user=pqgosslcert"
+
+ // Certificate not specified, should fail
+ {
+ _, err := openSSLConn(t, baseinfo)
+ if pge, ok := err.(*Error); ok {
+ if pge.Code.Name() != "invalid_authorization_specification" {
+ t.Fatalf("unexpected error code '%s'", pge.Code.Name())
+ }
+ } else {
+ t.Fatalf("expected %T, got %v", (*Error)(nil), err)
+ }
}
- if pge.Code.Name() != "invalid_authorization_specification" {
- t.Fatalf("unexpected error code %q", pge.Code.Name())
+
+ // Empty certificate specified, should fail
+ {
+ _, err := openSSLConn(t, baseinfo+" sslcert=''")
+ if pge, ok := err.(*Error); ok {
+ if pge.Code.Name() != "invalid_authorization_specification" {
+ t.Fatalf("unexpected error code '%s'", pge.Code.Name())
+ }
+ } else {
+ t.Fatalf("expected %T, got %v", (*Error)(nil), err)
+ }
}
- // Should work
- db, err = openSSLConn(t, getCertConninfo(t, "valid"))
- if err != nil {
- t.Fatal(err)
+ // Non-existent certificate specified, should fail
+ {
+ _, err := openSSLConn(t, baseinfo+" sslcert=/tmp/filedoesnotexist")
+ if pge, ok := err.(*Error); ok {
+ if pge.Code.Name() != "invalid_authorization_specification" {
+ t.Fatalf("unexpected error code '%s'", pge.Code.Name())
+ }
+ } else {
+ t.Fatalf("expected %T, got %v", (*Error)(nil), err)
+ }
}
- rows, err := db.Query("SELECT 1")
- if err != nil {
- t.Fatal(err)
+
+ certpath, ok := os.LookupEnv("PQSSLCERTTEST_PATH")
+ if !ok {
+ t.Fatalf("PQSSLCERTTEST_PATH not present in environment")
}
- rows.Close()
-}
-// Test errors with ssl certificates
-func TestSSLClientCertificatesMissingFiles(t *testing.T) {
- maybeSkipSSLTests(t)
- // Environment sanity check: should fail without SSL
- checkSSLSetup(t, "sslmode=disable user=pqgossltest")
+ sslcert := filepath.Join(certpath, "postgresql.crt")
- // Key missing, should fail
- _, err := openSSLConn(t, getCertConninfo(t, "missingkey"))
- if err == nil {
- t.Fatal("expected error")
- }
- // should be a PathError
- _, ok := err.(*os.PathError)
- if !ok {
- t.Fatalf("expected PathError, got %#+v", err)
+ // Cert present, key not specified, should fail
+ {
+ _, err := openSSLConn(t, baseinfo+" sslcert="+sslcert)
+ if _, ok := err.(*os.PathError); !ok {
+ t.Fatalf("expected %T, got %#+v", (*os.PathError)(nil), err)
+ }
}
- // Cert missing, should fail
- _, err = openSSLConn(t, getCertConninfo(t, "missingcert"))
- if err == nil {
- t.Fatal("expected error")
+ // Cert present, empty key specified, should fail
+ {
+ _, err := openSSLConn(t, baseinfo+" sslcert="+sslcert+" sslkey=''")
+ if _, ok := err.(*os.PathError); !ok {
+ t.Fatalf("expected %T, got %#+v", (*os.PathError)(nil), err)
+ }
}
- // should be a PathError
- _, ok = err.(*os.PathError)
- if !ok {
- t.Fatalf("expected PathError, got %#+v", err)
+
+ // Cert present, non-existent key, should fail
+ {
+ _, err := openSSLConn(t, baseinfo+" sslcert="+sslcert+" sslkey=/tmp/filedoesnotexist")
+ if _, ok := err.(*os.PathError); !ok {
+ t.Fatalf("expected %T, got %#+v", (*os.PathError)(nil), err)
+ }
}
- // Key has wrong permissions, should fail
- _, err = openSSLConn(t, getCertConninfo(t, "certtwice"))
- if err == nil {
- t.Fatal("expected error")
+ // Key has wrong permissions (passing the cert as the key), should fail
+ if _, err := openSSLConn(t, baseinfo+" sslcert="+sslcert+" sslkey="+sslcert); err != ErrSSLKeyHasWorldPermissions {
+ t.Fatalf("expected %s, got %#+v", ErrSSLKeyHasWorldPermissions, err)
}
- if err != ErrSSLKeyHasWorldPermissions {
- t.Fatalf("expected ErrSSLKeyHasWorldPermissions, got %#+v", err)
+
+ sslkey := filepath.Join(certpath, "postgresql.key")
+
+ // Should work
+ if db, err := openSSLConn(t, baseinfo+" sslcert="+sslcert+" sslkey="+sslkey); err != nil {
+ t.Fatal(err)
+ } else {
+ rows, err := db.Query("SELECT 1")
+ if err != nil {
+ t.Fatal(err)
+ }
+ if err := rows.Close(); err != nil {
+ t.Fatal(err)
+ }
+ if err := db.Close(); err != nil {
+ t.Fatal(err)
+ }
}
}
diff --git a/vendor/github.com/lib/pq/ssl_windows.go b/vendor/github.com/lib/pq/ssl_windows.go
index 529daed22..5d2c763ce 100644
--- a/vendor/github.com/lib/pq/ssl_windows.go
+++ b/vendor/github.com/lib/pq/ssl_windows.go
@@ -2,8 +2,8 @@
package pq
-import "os"
-
-// sslCertificatePermissions checks the permissions on user-supplied certificate
-// files. In libpq, this is a no-op on Windows.
-func sslCertificatePermissions(cert, key os.FileInfo) {}
+// sslKeyPermissions checks the permissions on user-supplied ssl key files.
+// The key file should have very little access.
+//
+// libpq does not check key file permissions on Windows.
+func sslKeyPermissions(string) error { return nil }