diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c index 51836321fb..8dd4d17c8c 100644 --- a/src/backend/libpq/be-secure-openssl.c +++ b/src/backend/libpq/be-secure-openssl.c @@ -29,15 +29,6 @@ #include #endif -#include -#include -#include -#ifndef OPENSSL_NO_ECDH -#include -#endif -#include - -#include "common/openssl.h" #include "libpq/libpq.h" #include "miscadmin.h" #include "pgstat.h" @@ -46,6 +37,21 @@ #include "tcop/tcopprot.h" #include "utils/memutils.h" +/* + * These SSL-related #includes must come after all system-provided headers. + * This ensures that OpenSSL can take care of conflicts with Windows' + * by #undef'ing the conflicting macros. (We don't directly + * include , but some other Windows headers do.) + */ +#include "common/openssl.h" +#include +#include +#ifndef OPENSSL_NO_ECDH +#include +#endif +#include + + /* default init hook can be overridden by a shared library */ static void default_openssl_tls_init(SSL_CTX *context, bool isServerStart); openssl_tls_init_hook_typ openssl_tls_init_hook = default_openssl_tls_init; diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c index 3a7cc8f774..a90d891c6c 100644 --- a/src/interfaces/libpq/fe-secure-openssl.c +++ b/src/interfaces/libpq/fe-secure-openssl.c @@ -30,7 +30,6 @@ #include "fe-auth.h" #include "fe-secure-common.h" #include "libpq-int.h" -#include "common/openssl.h" #ifdef WIN32 #include "win32.h" @@ -55,13 +54,20 @@ #endif #endif -#include +/* + * These SSL-related #includes must come after all system-provided headers. + * This ensures that OpenSSL can take care of conflicts with Windows' + * by #undef'ing the conflicting macros. (We don't directly + * include , but some other Windows headers do.) + */ +#include "common/openssl.h" #include #ifdef USE_SSL_ENGINE #include #endif #include + static int verify_cb(int ok, X509_STORE_CTX *ctx); static int openssl_verify_peer_name_matches_certificate_name(PGconn *conn, ASN1_STRING *name,