Re: Update minimum SSL version
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Magnus Hagander <magnus@hagander.net>, Peter Eisentraut <peter.eisentraut@2ndquadrant.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-12-05T01:48:23Z
Lists: pgsql-hackers
On Mon, Dec 02, 2019 at 02:09:51PM +0100, Daniel Gustafsson wrote: > However, looking at the signatures detected by autoconf we can however get an > idea of which version is used. SSL_clear_options and X509_get_signature_nid() > first shipped in 1.0.2, while SSL_get_current_compression first shipped in > 0.9.8. There are also a set of functions which are new in 1.1.0 (BIO_get_data > et.al). I was just looking at this problem, and something does not match with what you wrote here. SSL_clear_options() is defined in OpenSSL from 0.9.8 to 1.0.2 as a macro (see ssl/ssl.h), and is defined as a function since 1.1.0. So it seems to me that we are able to correctly detect the presence of this function in the configure checks if building with 1.1.0~, but not other versions. In LibreSSL, the code has visibly always used a macro, even on their latest HEAD since the code has been forked from OpenSSL 1.0.1g: https://github.com/libressl-portable/openbsd. So we should be able to compile our code, still we fail to detect that we can use the macro. It seems to me that we have quite a couple of arguments in favor of dropping this configure check all together. (I saw the business around a364dfa as well regarding NetBSD 5.1). We can do more cleanup, and the discussion is quite different than the original intent of this thread, so I am going to create a new one on the matter. -- Michael
Commits
-
Fix handling of OpenSSL's SSL_clear_options
- 7ad544fd8e45 11.7 landed
- 902276ff1309 12.2 landed
- 7d0bcb047717 13.0 landed
-
Remove configure check for OpenSSL's SSL_get_current_compression()
- 28f4bba66b57 13.0 landed
-
Update minimum SSL version
- b1abfec82547 13.0 landed