Re: OpenSSL 1.1 breaks configure and more

Andreas Karlsson <andreas@proxel.se>

From: Andreas Karlsson <andreas@proxel.se>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Alvaro Herrera <alvherre@2ndquadrant.com>, Christoph Berg <myon@debian.org>, Heikki Linnakangas <hlinnaka@iki.fi>, Michael Paquier <michael.paquier@gmail.com>, Victor Wagner <vitus@wagner.pp.ru>, pgsql-hackers@postgresql.org
Date: 2017-04-16T21:27:10Z
Lists: pgsql-hackers
On 04/16/2017 03:14 AM, Tom Lane wrote:
> 1. Back-patch that patch, probably also including the followup adjustments
>   in 86029b31e and 36a3be654.
>
> 2. Add #if's to use 31cf1a1a4's coding with OpenSSL >= 1.1, while keeping
>    the older code for use when built against older OpenSSLs.
>
> 3. Conditionally disable renegotiation altogether with OpenSSL >= 1.1,
>    thus adopting 9.5 not 9.4 behavior when using newer OpenSSL.
>
> [...]
>
> Thoughts?

Given that I cannot recall seeing any complaints about the behavior of 
9.4 compared to 9.3 I am leaning towards #1. That way there are fewer 
different versions of our OpenSSL code.

Andreas


Commits

  1. Back-patch 9.4-era SSL renegotiation code into 9.3 and 9.2.