Re: pgsql: Fix compilation on OpenSSL 1.0.2 and LibreSSL

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
Cc: Heikki Linnakangas <heikki(dot)linnakangas(at)iki(dot)fi>, pgsql-committers(at)lists(dot)postgresql(dot)org
Subject: Re: pgsql: Fix compilation on OpenSSL 1.0.2 and LibreSSL
Date: 2024-05-02 10:24:03
Message-ID: 5EACEB09-BCBC-432A-A5B0-E8FD73808276@yesql.se
Lists: pgsql-committers

> On 2 May 2024, at 11:30, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
>
> On 02/05/2024 12:09, Daniel Gustafsson wrote:
>>> On 30 Apr 2024, at 07:26, Heikki Linnakangas <heikki(dot)linnakangas(at)iki(dot)fi> wrote:
>>> Fix compilation on OpenSSL 1.0.2 and LibreSSL
>>>
>>> SSL_AD_NO_APPLICATION_PROTOCOL was introduced in OpenSSL 1.1.0.
>> + * https://github.com/openssl/openssl/issues/24300. This is available in
>> + * OpenSSL 1.1.0 and later, but as of this writing not in LibreSSL.
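
Review bot: The second added comment line says the alert is "as of this writing not in LibreSSL", but the git grep output later in this message shows src/lib/libssl/ssl.h defining SSL_AD_NO_APPLICATION_PROTOCOL as 120 on the OPENBSD_7_0 branch. Suggest stating the LibreSSL side by version instead, for example that the symbol is absent from LibreSSL before the OpenBSD 7.0 branch, so the comment does not go stale.
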
>> I'm a bit confused, as far as I can tell this has been in LibreSSL since the
>> OpenBSD 6.9 release.
>> https://github.com/openbsd/src/blob/master/lib/libssl/ssl_tlsext.c#L130
>> Or am I missing something?
>
> Hmm, I'm not sure how exactly LibreSSL is versioned. But morepork runs OpenBSD 6.9, and it was one of the failing buildfarm members: https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=morepork&dt=2024-04-30%2004%3A30%3A28.

Turns out I fat-fingered my grep, it's available starting with OpenBSD 7.0 so
the morepork failure makes sense.

> And I don't see the symbol in a fresh checkout of the portable libressl repository at https://github.com/libressl/portable.

The portable repo only contains the portable parts, did you pull the libssl
code with ./autogen? If so you should be able to see it, like below:

:~/dev/tls/libressl $ git clone git@github.com:libressl/portable.git
:~/dev/tls/libressl $ cd portable/
:~/dev/tls/libressl/portable (master) $ git checkout OPENBSD_7_0
branch 'OPENBSD_7_0' set up to track 'origin/OPENBSD_7_0'.
Switched to a new branch 'OPENBSD_7_0'
:~/dev/tls/libressl/portable (OPENBSD_7_0) $ ./autogen.sh
...
:~/dev/tls/libressl/portable (OPENBSD_7_0) $ cd openbsd/
:~/dev/tls/libressl/portable/openbsd (OPENBSD_7_0) $ git grep SSL_AD_NO_APPLICATION_PROTOCOL
src/lib/libssl/ssl.h:#define SSL_AD_NO_APPLICATION_PROTOCOL 120
src/lib/libssl/ssl_tlsext.c: *alert = SSL_AD_NO_APPLICATION_PROTOCOL;

This makes targeting 7.0 as the lowest LibreSSL version appealing in my
patchset for removing support for old OpenSSL and LibreSSL versions.

--
Daniel Gustafsson
