Re: OpenSSL 1.1 breaks configure and more
Christoph Berg <myon@debian.org>
From: Christoph Berg <myon@debian.org>
To: Heikki Linnakangas <hlinnaka@iki.fi>, Michael Paquier <michael.paquier@gmail.com>, Andreas Karlsson <andreas@proxel.se>, Victor Wagner <vitus@wagner.pp.ru>, pgsql-hackers@postgresql.org, Tom Lane <tgl@sss.pgh.pa.us>
Cc: Alvaro Herrera <alvherre@2ndquadrant.com>
Date: 2016-09-16T14:11:06Z
Lists: pgsql-hackers
Re: To Heikki Linnakangas 2016-09-15 <20160915213406.2mjlhcg7px3saynq@msg.df7cb.de>
> > Can you elaborate? Are you saying that Debian 9 (strect) will not ship
> > OpenSSL 1.0.2 anymore, and will require using OpenSSL 1.1.0?
>
> I thought that was the plan, but upon asking on #debian-devel, it
> seems it's not set yet. I'll ask the maintainers directly and report
> back.
The plan is to ship only OpenSSL 1.1 in Stretch. (The list of packages
not yet ported is enormous, though, so I'm not yet sure it will really
happen.)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827061
Re: Tom Lane 2016-09-16 <17025.1473977329@sss.pgh.pa.us>
> > Here is the result of backporting the sum of the two patches on top of
> > REL9_4_STABLE. Not sure if we need this, but if we do we can apply this
> > patch.
>
> If someone's done the legwork, I think we would be well advised to
> back-patch. Maybe not bother with 9.1 though.
Thanks for the patch!
I just tried to apply it to 9.2. There was a conflict in configure.in which was
trivial to resolve.
Another conflict in contrib/pgcrypto/pgcrypto.c was not applicable
because the code doesn't seem to exist (didn't try very hard though).
Ignoring the contrib conflict, it still didn't compile:
/home/cbe/projects/postgresql/debian/9.2/build/../src/backend/libpq/be-secure.c: In function ‘secure_write’:
/home/cbe/projects/postgresql/debian/9.2/build/../src/backend/libpq/be-secure.c:342:17: error: dereferencing pointer to incomplete type ‘SSL {aka struct ssl_st}’
if (port->ssl->state != SSL_ST_OK)
^~
/home/cbe/projects/postgresql/debian/9.2/build/../src/backend/libpq/be-secure.c:342:28: error: ‘SSL_ST_OK’ undeclared (first use in this function)
if (port->ssl->state != SSL_ST_OK)
^~~~~~~~~
Christoph
Commits
-
Back-patch 9.4-era SSL renegotiation code into 9.3 and 9.2.
- fbfeceb25362 9.3.17 landed
- 58384149bdbd 9.2.21 landed