v9-0004-Support-SSL_R_VERSION_TOO_LOW-on-LibreSSL.patch

application/octet-stream

Filename: v9-0004-Support-SSL_R_VERSION_TOO_LOW-on-LibreSSL.patch
Type: application/octet-stream
Part: 1
Message: Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?

Patch

Same data as JSON: GET /api/v1/attachments/:id/patch the parsed metadata as JSON — format, series position, per-file stats; never the diff bytes. API reference →
Format: format-patch
Series: patch v9-0004
Subject: Support SSL_R_VERSION_TOO_LOW on LibreSSL
File+
src/backend/libpq/be-secure-openssl.c 2 0
From db84b48ed74770bf7f67ed44475f0f52939d772d Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson <dgustafsson@postgresql.org>
Date: Fri, 12 Apr 2024 13:12:17 +0200
Subject: [PATCH v9 4/5] Support SSL_R_VERSION_TOO_LOW on LibreSSL

The SSL_R_VERSION_TOO_LOW error reason is supported in LibreSSL since
LibreSSL 3.6.3, shipped in OpenSSL 7.2. Previously we only checked for
SSL_R_VERSION_TOO_HIGH and then applied both under that guard since
OpenSSL has only ever supported both at the same time. This breaks the
check into one per reason to allow SSL_R_VERSION_TOO_LOW to work when
using LibreSSL.

Discussion: https://postgr.es/m/eac70d46-e61c-4d71-a1e1-78e2bfa19485@eisentraut.org
---
 src/backend/libpq/be-secure-openssl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index efd49ffca8..59c71b15b5 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -542,6 +542,8 @@ aloop:
 					case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION:
 #ifdef SSL_R_VERSION_TOO_HIGH
 					case SSL_R_VERSION_TOO_HIGH:
+#endif
+#ifdef SSL_R_VERSION_TOO_LOW
 					case SSL_R_VERSION_TOO_LOW:
 #endif
 						give_proto_hint = true;
-- 
2.39.3 (Apple Git-146)