Re: Missing include <openssl/x509.h> in be-secure-openssl.c?

Michael Paquier <michael@paquier.xyz>

From: Michael Paquier <michael@paquier.xyz>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>, buildfarm@sraoss.co.jp
Date: 2021-11-01T22:26:58Z
Lists: pgsql-hackers
On Mon, Nov 01, 2021 at 11:15:32PM +0100, Daniel Gustafsson wrote:
> On 1 Nov 2021, at 14:33, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>> Judging by OpenSSL, including both is common practice unless the module only
>>> deals with v3 extensions. Following that lead seems reasonable.
>> 
>> I see that fe-secure-openssl.c includes only x509v3.h, and it builds
>> successfully on hamerkop.  So I'm now inclined to make be-secure-openssl.c
>> match that.
> 
> That is in and out of itself not wrong, it shouldn't be required but it's
> definitely not wrong to do regardless of what's causing this.

I would follow the practice of upstream to include both if were me
to be consistent, but I'm also fine if you just add x509v3.h to
be-secure-openssl.c.
--
Michael

Commits

  1. contrib/sslinfo needs a fix too to make hamerkop happy.

  2. Second attempt to silence SSL compile failures on hamerkop.

  3. Blind attempt to silence SSL compile failures on hamerkop.