| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Victor Wagner <vitus(at)wagner(dot)pp(dot)ru> |
| Cc: | pgsql-hackers(at)lists(dot)postgresql(dot)org, Michael Paquier <michael(at)paquier(dot)xyz> |
| Subject: | Re: PostgreSQL12 and older versions of OpenSSL |
| Date: | 2019-09-24 16:43:17 |
| Message-ID: | 22006.1569343397@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Victor Wagner <vitus(at)wagner(dot)pp(dot)ru> writes:
> I'm attaching patch which uses solution mentioned above.
> It seems that chedk for SSL_OP_NO_TLSvX_Y is redundant if
> we are checking for TLS_MAX_VERSION.
One thing I'm wondering is if it's safe to assume that TLS_MAX_VERSION
will be defined whenever these other symbols are. Looking in an
0.9.8x install tree, that doesn't seem to define any of them; while
in 1.0.1e I see
./tls1.h:#define TLS1_1_VERSION 0x0302
./tls1.h:#define TLS1_2_VERSION 0x0303
./tls1.h:#define TLS_MAX_VERSION TLS1_2_VERSION
So the patch seems okay for these two versions, but I have no data about
intermediate OpenSSL versions.
BTW, the spacing in this patch seems rather random.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2019-09-24 17:15:59 | Re: log message in proto.c |
| Previous Message | Robert Haas | 2019-09-24 16:01:42 | Re: Unwanted expression simplification in PG12b2 |