Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content

Commit a364dfa

Browse files
committed
Attempt to fix build with unusual OpenSSL versions
Since e3bdb2d, libpq failed to build on some platforms because they did not have SSL_clear_options(). Although mainline OpenSSL introduced SSL_clear_options() after SSL_OP_NO_COMPRESSION, so the code should have built fine, at least an old NetBSD version (build farm "coypu" NetBSD 5.1 gcc 4.1.3 PR-20080704 powerpc) has SSL_OP_NO_COMPRESSION but no SSL_clear_options(). So add a configure check for SSL_clear_options(). If we don't find it, skip the call. That means on such a platform one cannot *enable* SSL compression if the built-in default is off, but that seems an unlikely combination anyway and not very interesting in practice.
1 parent 3de04e4 commit a364dfa

File tree

4 files changed

+13
-2
lines changed

4 files changed

+13
-2
lines changed

configure

+1-1
Original file line numberDiff line numberDiff line change
@@ -10203,7 +10203,7 @@ else
1020310203
fi
1020410204

1020510205
fi
10206-
for ac_func in SSL_get_current_compression X509_get_signature_nid
10206+
for ac_func in SSL_clear_options SSL_get_current_compression X509_get_signature_nid
1020710207
do :
1020810208
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
1020910209
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"

configure.in

+1-1
Original file line numberDiff line numberDiff line change
@@ -1067,7 +1067,7 @@ if test "$with_openssl" = yes ; then
10671067
AC_SEARCH_LIBS(CRYPTO_new_ex_data, [eay32 crypto], [], [AC_MSG_ERROR([library 'eay32' or 'crypto' is required for OpenSSL])])
10681068
AC_SEARCH_LIBS(SSL_new, [ssleay32 ssl], [], [AC_MSG_ERROR([library 'ssleay32' or 'ssl' is required for OpenSSL])])
10691069
fi
1070-
AC_CHECK_FUNCS([SSL_get_current_compression X509_get_signature_nid])
1070+
AC_CHECK_FUNCS([SSL_clear_options SSL_get_current_compression X509_get_signature_nid])
10711071
# Functions introduced in OpenSSL 1.1.0. We used to check for
10721072
# OPENSSL_VERSION_NUMBER, but that didn't work with 1.1.0, because LibreSSL
10731073
# defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it

src/include/pg_config.h.in

+3
Original file line numberDiff line numberDiff line change
@@ -479,6 +479,9 @@
479479
/* Define to 1 if you have the `srandom' function. */
480480
#undef HAVE_SRANDOM
481481

482+
/* Define to 1 if you have the `SSL_clear_options' function. */
483+
#undef HAVE_SSL_CLEAR_OPTIONS
484+
482485
/* Define to 1 if you have the `SSL_get_current_compression' function. */
483486
#undef HAVE_SSL_GET_CURRENT_COMPRESSION
484487

src/interfaces/libpq/fe-secure-openssl.c

+8
Original file line numberDiff line numberDiff line change
@@ -1194,8 +1194,16 @@ initialize_SSL(PGconn *conn)
11941194
#ifdef SSL_OP_NO_COMPRESSION
11951195
if (conn->sslcompression && conn->sslcompression[0] == '0')
11961196
SSL_set_options(conn->ssl, SSL_OP_NO_COMPRESSION);
1197+
/*
1198+
* Mainline OpenSSL introduced SSL_clear_options() before
1199+
* SSL_OP_NO_COMPRESSION, so this following #ifdef should not be
1200+
* necessary, but some old NetBSD version have a locally modified libssl
1201+
* that has SSL_OP_NO_COMPRESSION but not SSL_clear_options().
1202+
*/
1203+
#ifdef HAVE_SSL_CLEAR_OPTIONS
11971204
else
11981205
SSL_clear_options(conn->ssl, SSL_OP_NO_COMPRESSION);
1206+
#endif
11991207
#endif
12001208

12011209
return 0;

0 commit comments

Comments
 (0)