Re: OpenSSL 1.1 breaks configure and more
Andreas Karlsson <andreas@proxel.se>
From: Andreas Karlsson <andreas@proxel.se>
To: Heikki Linnakangas <hlinnaka@iki.fi>, Victor Wagner <vitus@wagner.pp.ru>,
pgsql-hackers@postgresql.org, Christoph Berg <myon@debian.org>,
Tom Lane <tgl@sss.pgh.pa.us>
Date: 2016-09-15T00:16:27Z
Lists: pgsql-hackers
On 09/15/2016 02:03 AM, Andreas Karlsson wrote: > On 09/12/2016 06:51 PM, Heikki Linnakangas wrote: >> Changes since last version: >> >> * Added more error checks to the my_BIO_s_socket() function. Check for >> NULL result from malloc(). Check the return code of BIO_meth_set_*() >> functions; looking at OpenSSL sources, they always succeed, but all the >> test/example programs that come with OpenSSL do check them. >> >> * Use BIO_get_new_index() to get the index number for the wrapper BIO. >> >> * Also call BIO_meth_set_puts(). It was missing in previous patch >> versions. >> >> * Fixed src/test/ssl test suite to also work with OpenSSL 1.1.0. >> >> * Changed all references (in existing code) to SSLEAY_VERSION_NUMBER >> into OPENSSL_VERSION_NUMBER, for consistency. >> >> * Squashed all into one patch. >> >> I intend to apply this to all supported branches, so please have a look! >> This is now against REL9_6_STABLE, but there should be little difference >> between branches in the code that this touches. > > This patch no longer seems to apply to head after the removed support of > 0.9.6. Is that intentional? Never mind. I just failed at reading. Now for a review: It looks generally good but I think I saw one error. In fe-secure-openssl.c your code still calls SSL_library_init() in OpenSSL 1.1. I think it should be enough to just call OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) like you do in be-secure. Andreas
Commits
-
Back-patch 9.4-era SSL renegotiation code into 9.3 and 9.2.
- fbfeceb25362 9.3.17 landed
- 58384149bdbd 9.2.21 landed