mirrors
/
postgres
mirror of https://github.com/postgres/postgres
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Attempt to fix build with unusual OpenSSL versions 

Since e3bdb2d926, libpq failed to build on
some platforms because they did not have SSL_clear_options().  Although
mainline OpenSSL introduced SSL_clear_options() after
SSL_OP_NO_COMPRESSION, so the code should have built fine, at least an
old NetBSD version (build farm "coypu" NetBSD 5.1 gcc 4.1.3 PR-20080704
powerpc) has SSL_OP_NO_COMPRESSION but no SSL_clear_options().

So add a configure check for SSL_clear_options().  If we don't find it,
skip the call.  That means on such a platform one cannot *enable* SSL
compression if the built-in default is off, but that seems an unlikely
combination anyway and not very interesting in practice.
This commit is contained in:
Peter Eisentraut 2018-03-20 16:44:52 -04:00
parent 3de04e4ed1
commit a364dfa4ac
4 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
configure vendored
View File

@ -10203,7 +10203,7 @@ else
fi
fi
for ac_func in SSL_get_current_compression X509_get_signature_nid
for ac_func in SSL_clear_options SSL_get_current_compression X509_get_signature_nid
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"

2
configure.in
View File

@ -1067,7 +1067,7 @@ if test "$with_openssl" = yes ; then
AC_SEARCH_LIBS(CRYPTO_new_ex_data, [eay32 crypto], [], [AC_MSG_ERROR([library 'eay32' or 'crypto' is required for OpenSSL])])
AC_SEARCH_LIBS(SSL_new, [ssleay32 ssl], [], [AC_MSG_ERROR([library 'ssleay32' or 'ssl' is required for OpenSSL])])
fi
AC_CHECK_FUNCS([SSL_get_current_compression X509_get_signature_nid])
AC_CHECK_FUNCS([SSL_clear_options SSL_get_current_compression X509_get_signature_nid])
# Functions introduced in OpenSSL 1.1.0. We used to check for
# OPENSSL_VERSION_NUMBER, but that didn't work with 1.1.0, because LibreSSL
# defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it

3
src/include/pg_config.h.in
View File

@ -479,6 +479,9 @@
/* Define to 1 if you have the `srandom' function. */
#undef HAVE_SRANDOM
/* Define to 1 if you have the `SSL_clear_options' function. */
#undef HAVE_SSL_CLEAR_OPTIONS
/* Define to 1 if you have the `SSL_get_current_compression' function. */
#undef HAVE_SSL_GET_CURRENT_COMPRESSION

8
src/interfaces/libpq/fe-secure-openssl.c
View File

@ -1194,8 +1194,16 @@ initialize_SSL(PGconn *conn)
#ifdef SSL_OP_NO_COMPRESSION
if (conn->sslcompression && conn->sslcompression[0] == '0')
SSL_set_options(conn->ssl, SSL_OP_NO_COMPRESSION);
/*
* Mainline OpenSSL introduced SSL_clear_options() before
* SSL_OP_NO_COMPRESSION, so this following #ifdef should not be
* necessary, but some old NetBSD version have a locally modified libssl
* that has SSL_OP_NO_COMPRESSION but not SSL_clear_options().
*/
#ifdef HAVE_SSL_CLEAR_OPTIONS
else
SSL_clear_options(conn->ssl, SSL_OP_NO_COMPRESSION);
#endif
#endif
return 0;