From ac3ff8b1d8f98da38c53a701e6397931080a39cf Mon Sep 17 00:00:00 2001 From: Peter Eisentraut <peter_e@gmx.net> Date: Thu, 4 Jan 2018 16:22:06 -0500 Subject: [PATCH] Fix build with older OpenSSL versions Apparently, X509_get_signature_nid() is only in fairly new OpenSSL versions, so use the lower-level interface it is built on instead. --- src/backend/libpq/be-secure-openssl.c | 2 +- src/interfaces/libpq/fe-secure-openssl.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c index f75cc2ef18..8d0256ba07 100644 --- a/src/backend/libpq/be-secure-openssl.c +++ b/src/backend/libpq/be-secure-openssl.c @@ -1265,7 +1265,7 @@ be_tls_get_certificate_hash(Port *port, size_t *len) * Get the signature algorithm of the certificate to determine the * hash algorithm to use for the result. */ - if (!OBJ_find_sigid_algs(X509_get_signature_nid(server_cert), + if (!OBJ_find_sigid_algs(OBJ_obj2nid(server_cert->sig_alg->algorithm), &algo_nid, NULL)) elog(ERROR, "could not determine server certificate signature algorithm"); diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c index 52390640bf..ac2842cd06 100644 --- a/src/interfaces/libpq/fe-secure-openssl.c +++ b/src/interfaces/libpq/fe-secure-openssl.c @@ -447,7 +447,7 @@ pgtls_get_peer_certificate_hash(PGconn *conn, size_t *len) * Get the signature algorithm of the certificate to determine the hash * algorithm to use for the result. */ - if (!OBJ_find_sigid_algs(X509_get_signature_nid(peer_cert), + if (!OBJ_find_sigid_algs(OBJ_obj2nid(peer_cert->sig_alg->algorithm), &algo_nid, NULL)) { printfPQExpBuffer(&conn->errorMessage,