Re: OpenSSL 1.1 breaks configure and more

Andreas Karlsson <andreas@proxel.se>

From: Andreas Karlsson <andreas@proxel.se>
To: Christoph Berg <myon@debian.org>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>, Tom Lane <tgl@sss.pgh.pa.us>
Date: 2016-06-27T18:21:35Z
Lists: pgsql-hackers
On 06/27/2016 08:12 PM, Christoph Berg wrote:
> Re: Andreas Karlsson 2016-06-27 <8a0a5959-0b83-3dc8-d9e7-66ce8c1c5bc7@proxel.se>
>>> The errors you report make it sound like they broke API compatibility
>>> wholesale.  Was that really their intent?  If so, where are the changes
>>> documented?
>>
>> I do not see that they have documented the removal of the SSL_library_init
>> symbol anywhere. They changed the function into a macro in the following
>> commit. I guess we have to check for some other symbol, like SSL_new.
>
> I'm not an autoconf expert, but as said in the original mail, I could
> get the SSL_library_init check to work, even if that's a macro now:

Yes, we could do that, but I do not think we should check for the 
existence of a backwards compatibility macro. Actually I think we may 
want to skip much of the OpenSSL initialization code when compiling 
against OpenSSL 1.1 since they have now added automatic initialization 
of the library. Instead I think we should check for something we 
actually will use like SSL_CTX_new().

Andreas


Commits

  1. Back-patch 9.4-era SSL renegotiation code into 9.3 and 9.2.