its presence. This amounts to desupporting Kerberos 5 releases 1.0.*,
which is small loss, and simplifies use of our Kerberos code on platforms
with Red-Hat-style include file layouts. Per gripe from John Gray and
followup discussion.
reliably (ie, regardless of which libraries they depend on). Also
make sure that we don't select headers that obviously belong to the
wrong one of the two libraries. This was discussed back around 4-Sep
but seems to have slipped through the cracks. The header selection
could be checked more closely, perhaps, but let's see if this is good
enough.
actual executable location. This allows people to continue to use
setups where, eg, postmaster is symlinked from a convenient place.
Per gripe from Josh Berkus.
compiler emits any warnings, the test program had better be 100%
correct, not only 90% correct. The recent addition of -Wold-style-definition
broke thread-safety detection on every platform that has that switch,
because the test program used an old-style definition.
-O2 -Wall -Wmissing-prototypes -Wpointer-arith
Check whether the version of GCC we are using supports any of:
-Wdeclaration-after-statement
-Wendif-labels
-Wold-style-definition
And add the supported flags to CFLAGS.
-L spec rather than assuming libpython is in the standard search path
(this returns to the way 7.4 did it). But check the distutils output
to see if it looks like Python has built a shared library, and if so
link with that instead of the probably-not-shared library found in
configdir.
* Links with -leay32 and -lssleay32 instead of crypto and ssl. On win32,
"crypto and ssl" is only used for static linking.
* Initializes SSL in the backend and not just in the postmaster. We
cannot pass the SSL context from the postmaster through the parameter
file, because it contains function pointers.
* Split one error check in be-secure.c. Previously we could not tell
which of three calls actually failed. The previous code also returned
incorrect error messages if SSL_accept() failed - that function needs to
use SSL_get_error() on the return value, can't just use the error queue.
* Since the win32 implementation uses non-blocking sockets "behind the
scenes" in order to deliver signals correctly, implements a version of
SSL_accept() that can handle this. Also, add a wait function in case
SSL_read or SSL_write() needs more data.
Magnus Hagander
