From: | Michael Paquier <michael(at)paquier(dot)xyz> |
---|---|
To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Update minimum SSL version |
Date: | 2019-12-05 01:48:23 |
Message-ID: | 20191205014823.GB5064@paquier.xyz |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Mon, Dec 02, 2019 at 02:09:51PM +0100, Daniel Gustafsson wrote:
> However, looking at the signatures detected by autoconf we can however get an
> idea of which version is used. SSL_clear_options and X509_get_signature_nid()
> first shipped in 1.0.2, while SSL_get_current_compression first shipped in
> 0.9.8. There are also a set of functions which are new in 1.1.0 (BIO_get_data
> et.al).
I was just looking at this problem, and something does not match with
what you wrote here. SSL_clear_options() is defined in OpenSSL from
0.9.8 to 1.0.2 as a macro (see ssl/ssl.h), and is defined as a
function since 1.1.0. So it seems to me that we are able to correctly
detect the presence of this function in the configure checks if
building with 1.1.0~, but not other versions.
In LibreSSL, the code has visibly always used a macro, even on their
latest HEAD since the code has been forked from OpenSSL 1.0.1g:
https://github.com/libressl-portable/openbsd. So we should be able
to compile our code, still we fail to detect that we can use the
macro.
It seems to me that we have quite a couple of arguments in favor of
dropping this configure check all together. (I saw the business
around a364dfa as well regarding NetBSD 5.1).
We can do more cleanup, and the discussion is quite different than the
original intent of this thread, so I am going to create a new one on
the matter.
--
Michael
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2019-12-05 01:50:01 | Re: Update minimum SSL version |
Previous Message | Jeremy Schneider | 2019-12-05 01:36:16 | logical decoding bug: segfault in ReorderBufferToastReplace() |