From e5f63db995514473f7b3421bc80f8e7715cd6d35 Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Sat, 27 Jun 2020 13:26:17 -0400
Subject: [PATCH] Fix list of SSL error codes for older OpenSSL versions.
Apparently 1.0.1 lacks SSL_R_VERSION_TOO_HIGH and
SSL_R_VERSION_TOO_LOW. Per buildfarm.
---
src/backend/libpq/be-secure-openssl.c | 6 ++++--
src/interfaces/libpq/fe-secure-openssl.c | 6 ++++--
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index d1cf455ab4..8b21ff4065 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -474,11 +474,13 @@ aloop:
case SSL_R_UNKNOWN_PROTOCOL:
case SSL_R_UNKNOWN_SSL_VERSION:
case SSL_R_UNSUPPORTED_SSL_VERSION:
- case SSL_R_VERSION_TOO_HIGH:
- case SSL_R_VERSION_TOO_LOW:
case SSL_R_WRONG_SSL_VERSION:
case SSL_R_WRONG_VERSION_NUMBER:
case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION:
+#ifdef SSL_R_VERSION_TOO_HIGH
+ case SSL_R_VERSION_TOO_HIGH:
+ case SSL_R_VERSION_TOO_LOW:
+#endif
give_proto_hint = true;
break;
default:
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index b5b2006b75..d609a38bbe 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -1326,11 +1326,13 @@ open_client_SSL(PGconn *conn)
case SSL_R_UNKNOWN_PROTOCOL:
case SSL_R_UNKNOWN_SSL_VERSION:
case SSL_R_UNSUPPORTED_SSL_VERSION:
- case SSL_R_VERSION_TOO_HIGH:
- case SSL_R_VERSION_TOO_LOW:
case SSL_R_WRONG_SSL_VERSION:
case SSL_R_WRONG_VERSION_NUMBER:
case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION:
+#ifdef SSL_R_VERSION_TOO_HIGH
+ case SSL_R_VERSION_TOO_HIGH:
+ case SSL_R_VERSION_TOO_LOW:
+#endif
appendPQExpBuffer(&conn->errorMessage,
libpq_gettext("This may indicate that the server does not support any SSL protocol version between %s and %s.\n"),
conn->ssl_min_protocol_version ?