Re: OpenSSL 1.1 breaks configure and more
Andreas Karlsson <andreas@proxel.se>
From: Andreas Karlsson <andreas@proxel.se>
To: Victor Wagner <vitus@wagner.pp.ru>, pgsql-hackers@postgresql.org,
Christoph Berg <myon@debian.org>, Tom Lane <tgl@sss.pgh.pa.us>
Date: 2016-07-05T13:46:53Z
Lists: pgsql-hackers
Attachments
- 0001-Fixes-for-compiling-with-OpenSSL-1.1-v3.patch (text/x-patch)
On 07/05/2016 11:13 AM, Victor Wagner wrote: > On Fri, 1 Jul 2016 02:27:03 +0200 > Andreas Karlsson <andreas@proxel.se> wrote: >> 0003-Remove-OpenSSL-1.1-deprecation-warnings.patch >> >> Silence all warnings. This commit changes more things and is not >> necessary for getting PostgreSQL to build against 1.1. > > This patch breaks feature, which exists in PostgreSQL since 8.2 - > support for SSL ciphers, provided by loadable modules such as Russian > national standard (GOST) algorithms, and support for cryptographic > hardware tokens (which are also supported by loadble modules called > engines in OpenSSL). > > Call for OPENSSL_config was added to PostgreSQL for this purpose - it > loads default OpenSSL configuration file, where such things as crypto > hardware modules can be configured. > > If we wish to keep this functionality, we need to explicitely call > > OPENSSL_init_ssl(INIT_LOAD_CONFIG,NULL) instead of deprecated > OPENSSL_config in 1.1.0 Thanks for testing the patches! I have attached a new set of patches which this is fixed. I have also skipped the last patch since OpenSSL has fixed the two issues I have mentioned earlier in this thread. Andreas
Commits
-
Back-patch 9.4-era SSL renegotiation code into 9.3 and 9.2.
- fbfeceb25362 9.3.17 landed
- 58384149bdbd 9.2.21 landed