Re: Compile psql 9.6 with SSL Version 1.1.0

Thanks for providing the insight needed to make this work on Windows.

On Fri, Oct 12, 2018, 12:17 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> Pratik Parikh <pratik(dot)p(dot)parikh(at)gmail(dot)com> writes:
> > I have seen the same failure on windows build. I can only use
> > openssl 1.02(x).
>
> Hmm ... looking at it closer, I realize that part of the problem is
> that with 1.1.0 you need HAVE_BIO_METH_NEW to be defined, and there's
> no mechanism for doing that in the MSVC build code. Worse, there's
> half a dozen other OpenSSL-version-dependent symbols that get set by
> configure in non-Windows builds, but we have nothing equivalent to
> that for Windows. Michael P. laid out the situation in a recent commit
> message:
>
>
> Author: Michael Paquier <michael(at)paquier(dot)xyz>
> Branch: master Release: REL_11_BR [bde64eb61] 2018-06-19 09:00:33 +0900
>
> Track new configure flags introduced for version 11 in
> pg_config.h.win32
>
> The following set of flags mainly matter when building Postgres code
> with MSVC and those have been forgotten with latest developments:
> - HAVE_LDAP_INITIALIZE, added by 35c0754f, and marked as disabled.
> ldap_initialize() is a non-standard extension that provides a way to
> use
> "ldaps" with OpenLDAP, but it is not supported on Windows, and instead
> the non-standard ldap_sslinit() is used if WIN32 is defined. Per input
> from Thomas Munro.
> - HAVE_X509_GET_SIGNATURE_NID, added by 054e8c6c, which is used by
> SCRAM's channel binding tls-server-end-point. Having this flag
> disabled
> would cause this channel binding type to be unsupported for Windows
> builds.
> - HAVE_SSL_CLEAR_OPTIONS, added recently as of a364dfa4 to disable SSL
> compression.
> - HAVE_ASN1_STRING_GET0_DATA, added by 5c6df67, which is used to track
> a new compatibility with OpenSSL 1.1.0. This was missing from
> pg_config.win32.h and is not enabled by default. HAVE_BIO_GET_DATA,
> HAVE_OPENSSL_INIT_SSL and HAVE_BIO_METH_NEW gain the same treatment.
>
> The second and third flags are enabled with this commit, which raises
> the bar of OpenSSL support to 1.0.2 on Windows as a minimum. As this
> is the LTS (long-time support) version of OpenSSL community and knowing
> that all recent installers referred by OpenSSL upstream don't have
> anymore 1.0.1 or older, we could live with that requirement. In order
> to allow the code to compile with OpenSSL 1.1.0, all the flags
> mentioned
> above need to be enabled in pg_config.h.win32.
>
> Author: Michael Paquier
> Reviewed-by: Andrew Dunstan
> Discussion: https://postgr.es/m/20180529211559.GF6632@paquier.xyz
>
>
> So the immediate fix for building on Windows is you need to manually
> define all of those in pg_config.h. We probably ought to try to make
> that less painful, though. At the very least it'd be good if there
> were just one symbol you had to set manually ...
>
> regards, tom lane
>