Support disallowing SSL renegotiation when using LibreSSL

Daniel Gustafsson <dgustafsson@postgresql.org>

Commit: 44e27f0a6d07d194ee43e9e4095db75c0525112f
Author: Daniel Gustafsson <dgustafsson@postgresql.org>
Date: 2024-04-24T08:54:42Z
Releases: 17.0
Support disallowing SSL renegotiation when using LibreSSL

LibreSSL doesn't support the SSL_OP_NO_RENEGOTIATION macro which is
used by OpenSSL, instead it has invented a similar one for client-
side renegotiation: SSL_OP_NO_CLIENT_RENEGOTIATION. This has been
supported since LibreSSL 2.5.1 which by now can be considered well
below the minimum requirement.

Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Reviewed-by: Michael Paquier <michael@paquier.xyz>
Discussion: https://postgr.es/m/eac70d46-e61c-4d71-a1e1-78e2bfa19485@eisentraut.org

Files

PathChange+/−
src/backend/libpq/be-secure-openssl.c modified +10 −5

Discussion