From ea8bc349bd1d92a882d636b535723b36366d9fbe Mon Sep 17 00:00:00 2001 From: Peter Eisentraut Date: Tue, 20 Nov 2018 22:59:36 +0100 Subject: [PATCH] Make detection of SSL_CTX_set_min_proto_version more portable As already explained in configure.in, using the OpenSSL version number to detect presence of functions doesn't work, because LibreSSL reports incompatible version numbers. Fortunately, the functions we need here are actually macros, so we can just test for them directly. --- src/backend/libpq/be-secure-openssl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c index b2b0cccdae..a910ea2cb4 100644 --- a/src/backend/libpq/be-secure-openssl.c +++ b/src/backend/libpq/be-secure-openssl.c @@ -68,7 +68,7 @@ static bool dummy_ssl_passwd_cb_called = false; static bool ssl_is_server_start; static int ssl_protocol_version_to_openssl(int v, const char *guc_name); -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +#ifndef SSL_CTX_set_min_proto_version static int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version); static int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version); #endif @@ -1273,7 +1273,7 @@ error: /* * Replacements for APIs present in newer versions of OpenSSL */ -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +#ifndef SSL_CTX_set_min_proto_version /* * OpenSSL versions that support TLS 1.3 shouldn't get here because they @@ -1327,4 +1327,4 @@ SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version) return 1; /* success */ } -#endif /* OPENSSL_VERSION_NUMBER */ +#endif /* !SSL_CTX_set_min_proto_version */