Re: OpenSSL 1.1 breaks configure and more
Andreas Karlsson <andreas@proxel.se>
From: Andreas Karlsson <andreas@proxel.se>
To: Tom Lane <tgl@sss.pgh.pa.us>, Christoph Berg <myon@debian.org>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2016-06-27T17:26:18Z
Lists: pgsql-hackers
On 06/27/2016 05:24 PM, Tom Lane wrote: > Christoph Berg <myon@debian.org> writes: >> as reported by Debian's OpenSSL maintainers, PostgreSQL is failing to >> build against a snapshot of the upcoming 1.1.0 version. > > The errors you report make it sound like they broke API compatibility > wholesale. Was that really their intent? If so, where are the changes > documented? I do not see that they have documented the removal of the SSL_library_init symbol anywhere. They changed the function into a macro in the following commit. I guess we have to check for some other symbol, like SSL_new. https://github.com/openssl/openssl/commit/7fa792d14d06cdaca18f225b1d2d8daf8ed24fd7 They have also, which is in the release notes, broken API compatibility when they made the BIO and BIO_METHOD structs opaque. This will probably require some ugly ugly #ifs or compatibility macros from us. They also seem to have broken our OpenSSL thread safety callback when they added their new threading API and removed the CRYPTO_LOCK define. I have reported this in their issue tracker (https://github.com/openssl/openssl/issues/1260). In addition to this there are a couple of deprecated functions (DH_generate_parameters() and OPENSSL_config()), but they look pretty easy to handle. I think much of the above is missing from the release notes I have found. I hope they will be more complete at the time of the release. I am working on a patch to handle these API changes. - https://www.openssl.org/news/openssl-1.1.0-notes.html - https://wiki.openssl.org/index.php/1.1_API_Changes Andreas
Commits
-
Back-patch 9.4-era SSL renegotiation code into 9.3 and 9.2.
- fbfeceb25362 9.3.17 landed
- 58384149bdbd 9.2.21 landed