Make detection of SSL_CTX_set_min_proto_version more portable

As already explained in configure.in, using the OpenSSL version number
to detect presence of functions doesn't work, because LibreSSL reports
incompatible version numbers.  Fortunately, the functions we need here
are actually macros, so we can just test for them directly.
This commit is contained in:
Peter Eisentraut 2018-11-20 22:59:36 +01:00
parent e73e67c719
commit ea8bc349bd

View File

@ -68,7 +68,7 @@ static bool dummy_ssl_passwd_cb_called = false;
static bool ssl_is_server_start; static bool ssl_is_server_start;
static int ssl_protocol_version_to_openssl(int v, const char *guc_name); static int ssl_protocol_version_to_openssl(int v, const char *guc_name);
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) #ifndef SSL_CTX_set_min_proto_version
static int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version); static int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
static int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version); static int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
#endif #endif
@ -1273,7 +1273,7 @@ error:
/* /*
* Replacements for APIs present in newer versions of OpenSSL * Replacements for APIs present in newer versions of OpenSSL
*/ */
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) #ifndef SSL_CTX_set_min_proto_version
/* /*
* OpenSSL versions that support TLS 1.3 shouldn't get here because they * OpenSSL versions that support TLS 1.3 shouldn't get here because they
@ -1327,4 +1327,4 @@ SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version)
return 1; /* success */ return 1; /* success */
} }
#endif /* OPENSSL_VERSION_NUMBER */ #endif /* !SSL_CTX_set_min_proto_version */