Re: Compile psql 9.6 with SSL Version 1.1.0

Pratik Parikh <pratik(dot)p(dot)parikh(at)gmail(dot)com> writes:
> I have seen the same failure on windows build. I can only use
> openssl 1.02(x).

Hmm ... looking at it closer, I realize that part of the problem is
that with 1.1.0 you need HAVE_BIO_METH_NEW to be defined, and there's
no mechanism for doing that in the MSVC build code. Worse, there's
half a dozen other OpenSSL-version-dependent symbols that get set by
configure in non-Windows builds, but we have nothing equivalent to
that for Windows. Michael P. laid out the situation in a recent commit
message:

Author: Michael Paquier <michael(at)paquier(dot)xyz>
Branch: master Release: REL_11_BR [bde64eb61] 2018-06-19 09:00:33 +0900

Track new configure flags introduced for version 11 in pg_config.h.win32

The following set of flags mainly matter when building Postgres code
with MSVC and those have been forgotten with latest developments:
- HAVE_LDAP_INITIALIZE, added by 35c0754f, and marked as disabled.
ldap_initialize() is a non-standard extension that provides a way to use
"ldaps" with OpenLDAP, but it is not supported on Windows, and instead
the non-standard ldap_sslinit() is used if WIN32 is defined. Per input
from Thomas Munro.
- HAVE_X509_GET_SIGNATURE_NID, added by 054e8c6c, which is used by
SCRAM's channel binding tls-server-end-point. Having this flag disabled
would cause this channel binding type to be unsupported for Windows
builds.
- HAVE_SSL_CLEAR_OPTIONS, added recently as of a364dfa4 to disable SSL
compression.
- HAVE_ASN1_STRING_GET0_DATA, added by 5c6df67, which is used to track
a new compatibility with OpenSSL 1.1.0. This was missing from
pg_config.win32.h and is not enabled by default. HAVE_BIO_GET_DATA,
HAVE_OPENSSL_INIT_SSL and HAVE_BIO_METH_NEW gain the same treatment.

The second and third flags are enabled with this commit, which raises
the bar of OpenSSL support to 1.0.2 on Windows as a minimum. As this
is the LTS (long-time support) version of OpenSSL community and knowing
that all recent installers referred by OpenSSL upstream don't have
anymore 1.0.1 or older, we could live with that requirement. In order
to allow the code to compile with OpenSSL 1.1.0, all the flags mentioned
above need to be enabled in pg_config.h.win32.

Author: Michael Paquier
Reviewed-by: Andrew Dunstan
Discussion: https://postgr.es/m/20180529211559.GF6632@paquier.xyz

So the immediate fix for building on Windows is you need to manually
define all of those in pg_config.h. We probably ought to try to make
that less painful, though. At the very least it'd be good if there
were just one symbol you had to set manually ...

regards, tom lane