Re: OpenSSL 1.1 breaks configure and more

From: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
To: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
Cc: Andreas Karlsson <andreas(at)proxel(dot)se>, Victor Wagner <vitus(at)wagner(dot)pp(dot)ru>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>, Christoph Berg <myon(at)debian(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Subject: Re: OpenSSL 1.1 breaks configure and more
Date: 2016-09-13 05:28:50
Message-ID: CAB7nPqQeGKh0wA-Uks2CBpiXkCe94KBru-8DHKrenYvCeZ2+FQ@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Tue, Sep 13, 2016 at 1:51 AM, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
> I planned to commit this today, but while reading through it and testing, I
> ended up doing a bunch more changes, so this deserves another round of
> review.

OK, I am giving it a try. Note to people using OSX: at least for brew
there is the formula openssl(at)1(dot)1 that you can use with the following
flags:
CFLAGS="-I/usr/local/opt/openssl(at)1(dot)1/include"
LDFLAGS="-L/usr/local/opt/openssl(at)1(dot)1/lib"
Postgres is not the only broken thing, so they kept the formula
openssl to 1.0.2.

> Changes since last version:
>
> * Added more error checks to the my_BIO_s_socket() function. Check for NULL
> result from malloc(). Check the return code of BIO_meth_set_*() functions;
> looking at OpenSSL sources, they always succeed, but all the test/example
> programs that come with OpenSSL do check them.
>
> * Use BIO_get_new_index() to get the index number for the wrapper BIO.
>
> * Also call BIO_meth_set_puts(). It was missing in previous patch versions.
>
> * Fixed src/test/ssl test suite to also work with OpenSSL 1.1.0.
>
> * Changed all references (in existing code) to SSLEAY_VERSION_NUMBER into
> OPENSSL_VERSION_NUMBER, for consistency.
>
> * Squashed all into one patch.
>
> I intend to apply this to all supported branches, so please have a look!
> This is now against REL9_6_STABLE, but there should be little difference
> between branches in the code that this touches.

I just took a look at this patch, testing it on the way with 1.1.0 and
1.0.2. And it looks in pretty good shape.

+ ResourceOwner owner;
+ struct OSSLDigest *next;
+ struct OSSLDigest *prev;
This could be done as well with a list of pg_list, the cost being a
couple of extra calls to switch memory contexts, but it would simplify
free_openssldigest when cleaning up an entry. I guessed you already
thought about that but discarded it?
--
Michael

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Michael Paquier 2016-09-13 06:34:46 Re: WAL consistency check facility
Previous Message Craig Ringer 2016-09-13 05:27:43 Re: 9.6 TAP tests and extensions