Re: PostgreSQL12 and older versions of OpenSSL
Victor Wagner <vitus@wagner.pp.ru>
From: Victor Wagner <vitus@wagner.pp.ru>
To: pgsql-hackers@lists.postgresql.org
Cc: Michael Paquier <michael@paquier.xyz>
Date: 2019-09-24T10:07:31Z
Lists: pgsql-hackers
Attachments
- openssl-0.9.8-tls11.patch (text/x-patch) patch
On Tue, 24 Sep 2019 18:49:17 +0900 Michael Paquier <michael@paquier.xyz> wrote: > On Tue, Sep 24, 2019 at 10:18:59AM +0300, Victor Wagner wrote: > > PostgreSQL 12 documentation states, that minimum required version of > > OpenSSL is 0.9.8. However, I was unable to сompile current > > PGPRO_12_STABLE with OpenSSL 0.9.8j (from SLES 11sp4). > > I can reproduce that with REL_12_STABLE and the top of > OpenSSL_0_9_8-stable fromx OpenSSL's git. > > > Replacing all > > > > #ifdef TLS1_1_VERSION > > > > with > > > > #if defined(TLS1_1_VERSION) && TLS1_1_VERSION <= TLS_MAX_VERSION > > > > and analogue for TLS1_2_VERSION fixes the problem. > > That sounds like a plan. [skip] > > ... > > (line 1290). In this case check for TLS1_1_VERSION <= > > TLS_MAX_VERSION seems to be more self-explanatory, than check for > > somewhat unrelated symbol SSL_OP_NO_TLSv1_1 > > That sounds right. Victor, would you like to write a patch? I'm attaching patch which uses solution mentioned above. It seems that chedk for SSL_OP_NO_TLSvX_Y is redundant if we are checking for TLS_MAX_VERSION. --
Commits
-
Fix compilation with older OpenSSL versions
- a430c7b4afe8 12.0 landed
- 4e6f101e921c 13.0 landed