mirror/postgresql
2
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2025-02-11 19:20:40 +08:00
Code Issues Packages Projects Releases Wiki Activity

Attempt to fix build with unusual OpenSSL versions

Browse Source 
Since e3bdb2d926, libpq failed to build on
some platforms because they did not have SSL_clear_options().  Although
mainline OpenSSL introduced SSL_clear_options() after
SSL_OP_NO_COMPRESSION, so the code should have built fine, at least an
old NetBSD version (build farm "coypu" NetBSD 5.1 gcc 4.1.3 PR-20080704
powerpc) has SSL_OP_NO_COMPRESSION but no SSL_clear_options().

So add a configure check for SSL_clear_options().  If we don't find it,
skip the call.  That means on such a platform one cannot *enable* SSL
compression if the built-in default is off, but that seems an unlikely
combination anyway and not very interesting in practice.
This commit is contained in:
Peter Eisentraut 2018-03-20 16:44:52 -04:00
parent 3de04e4ed1
commit a364dfa4ac
4 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
configure vendored
View File

@ -10203,7 +10203,7 @@ else
fi fi
fi fi
for ac_func in SSL_get_current_compression X509_get_signature_nid for ac_func in SSL_clear_options SSL_get_current_compression X509_get_signature_nid
do : do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"

2
configure.in
View File

@ -1067,7 +1067,7 @@ if test "$with_openssl" = yes ; then
AC_SEARCH_LIBS(CRYPTO_new_ex_data, [eay32 crypto], [], [AC_MSG_ERROR([library 'eay32' or 'crypto' is required for OpenSSL])]) AC_SEARCH_LIBS(CRYPTO_new_ex_data, [eay32 crypto], [], [AC_MSG_ERROR([library 'eay32' or 'crypto' is required for OpenSSL])])
AC_SEARCH_LIBS(SSL_new, [ssleay32 ssl], [], [AC_MSG_ERROR([library 'ssleay32' or 'ssl' is required for OpenSSL])]) AC_SEARCH_LIBS(SSL_new, [ssleay32 ssl], [], [AC_MSG_ERROR([library 'ssleay32' or 'ssl' is required for OpenSSL])])
fi fi
AC_CHECK_FUNCS([SSL_get_current_compression X509_get_signature_nid]) AC_CHECK_FUNCS([SSL_clear_options SSL_get_current_compression X509_get_signature_nid])
# Functions introduced in OpenSSL 1.1.0. We used to check for # Functions introduced in OpenSSL 1.1.0. We used to check for
# OPENSSL_VERSION_NUMBER, but that didn't work with 1.1.0, because LibreSSL # OPENSSL_VERSION_NUMBER, but that didn't work with 1.1.0, because LibreSSL
# defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it

3
src/include/pg_config.h.in
View File

@ -479,6 +479,9 @@
/* Define to 1 if you have the `srandom' function. */ /* Define to 1 if you have the `srandom' function. */
#undef HAVE_SRANDOM #undef HAVE_SRANDOM
/* Define to 1 if you have the `SSL_clear_options' function. */
#undef HAVE_SSL_CLEAR_OPTIONS
/* Define to 1 if you have the `SSL_get_current_compression' function. */ /* Define to 1 if you have the `SSL_get_current_compression' function. */
#undef HAVE_SSL_GET_CURRENT_COMPRESSION #undef HAVE_SSL_GET_CURRENT_COMPRESSION

8
src/interfaces/libpq/fe-secure-openssl.c
View File

@ -1194,8 +1194,16 @@ initialize_SSL(PGconn *conn)
#ifdef SSL_OP_NO_COMPRESSION #ifdef SSL_OP_NO_COMPRESSION
if (conn->sslcompression && conn->sslcompression[0] == '0') if (conn->sslcompression && conn->sslcompression[0] == '0')
SSL_set_options(conn->ssl, SSL_OP_NO_COMPRESSION); SSL_set_options(conn->ssl, SSL_OP_NO_COMPRESSION);
/*
* Mainline OpenSSL introduced SSL_clear_options() before
* SSL_OP_NO_COMPRESSION, so this following #ifdef should not be
* necessary, but some old NetBSD version have a locally modified libssl
* that has SSL_OP_NO_COMPRESSION but not SSL_clear_options().
*/
#ifdef HAVE_SSL_CLEAR_OPTIONS
else else
SSL_clear_options(conn->ssl, SSL_OP_NO_COMPRESSION); SSL_clear_options(conn->ssl, SSL_OP_NO_COMPRESSION);
#endif
#endif #endif
return 0; return 0;