Re: OpenSSL 1.1 breaks configure and more

Andreas Karlsson <andreas@proxel.se>

From: Andreas Karlsson <andreas@proxel.se>
To: Tom Lane <tgl@sss.pgh.pa.us>, Christoph Berg <myon@debian.org>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2016-07-01T00:27:03Z
Lists: pgsql-hackers

Attachments

Hi,

Here is an initial set of patches related to OpenSSL 1.1. Everything 
should still build fine on older OpenSSL versions (and did when I tested 
with 1.0.2h).

0001-Fixes-for-compiling-with-OpenSSL-1.1.patch

This patch fixes the code so it builds with OpenSSL 1.1 (except the 
CRYPTO_LOCK issue I have reported to the OpenSSL team).

- Makes our configure script check for SSL_new instead
- Uses functions instead of direct access to struct members

0002-Define-CRYPTO_LOCK-for-OpenSSL-1.1-compat.patch

Fix for the removal of the CRYPTO_LOCK define. I am trying to convince 
them to add the define back. :)

0003-Remove-OpenSSL-1.1-deprecation-warnings.patch

Silence all warnings. This commit changes more things and is not 
necessary for getting PostgreSQL to build against 1.1.

- Silences deprecation other warnings related to that OpenSSL 1.1 now 
1) automatically initializes the library and 2) no longer uses the 
locking callback.
- Silences deprecation warning when generating DH parameters.

Andreas

Commits

  1. Back-patch 9.4-era SSL renegotiation code into 9.3 and 9.2.