@@ -508,10 +508,6 @@ wildcard_certificate_match(const char *pattern, const char *string)
508
508
return 1 ;
509
509
}
510
510
511
- #if OPENSSL_VERSION_NUMBER < 0x10100000L
512
- #define ASN1_STRING_get0_data ASN1_STRING_data
513
- #endif
514
-
515
511
/*
516
512
* Check if a name from a server's certificate matches the peer's hostname.
517
513
*
@@ -546,7 +542,11 @@ verify_peer_name_matches_certificate_name(PGconn *conn, ASN1_STRING *name_entry,
546
542
* There is no guarantee the string returned from the certificate is
547
543
* NULL-terminated, so make a copy that is.
548
544
*/
545
+ #ifdef HAVE_ASN1_STRING_GET0_DATA
549
546
namedata = ASN1_STRING_get0_data (name_entry );
547
+ #else
548
+ namedata = ASN1_STRING_data (name_entry );
549
+ #endif
550
550
len = ASN1_STRING_length (name_entry );
551
551
name = malloc (len + 1 );
552
552
if (name == NULL )
@@ -734,10 +734,13 @@ verify_peer_name_matches_certificate(PGconn *conn)
734
734
return found_match && !got_error ;
735
735
}
736
736
737
- #if defined(ENABLE_THREAD_SAFETY ) && OPENSSL_VERSION_NUMBER < 0x10100000L
737
+ #if defined(ENABLE_THREAD_SAFETY ) && defined( HAVE_CRYPTO_LOCK )
738
738
/*
739
- * Callback functions for OpenSSL internal locking. (OpenSSL 1.1.0
740
- * does its own locking, and doesn't need these anymore.)
739
+ * Callback functions for OpenSSL internal locking. (OpenSSL 1.1.0
740
+ * does its own locking, and doesn't need these anymore. The
741
+ * CRYPTO_lock() function was removed in 1.1.0, when the callbacks
742
+ * were made obsolete, so we assume that if CRYPTO_lock() exists,
743
+ * the callbacks are still required.)
741
744
*/
742
745
743
746
static unsigned long
@@ -767,7 +770,7 @@ pq_lockingcallback(int mode, int n, const char *file, int line)
767
770
PGTHREAD_ERROR ("failed to unlock mutex" );
768
771
}
769
772
}
770
- #endif /* ENABLE_THREAD_SAFETY && OPENSSL_VERSION_NUMBER < 0x10100000L */
773
+ #endif /* ENABLE_THREAD_SAFETY && HAVE_CRYPTO_LOCK */
771
774
772
775
/*
773
776
* Initialize SSL system, in particular creating the SSL_context object
@@ -806,7 +809,7 @@ pgtls_init(PGconn *conn)
806
809
if (pthread_mutex_lock (& ssl_config_mutex ))
807
810
return -1 ;
808
811
809
- #if OPENSSL_VERSION_NUMBER < 0x10100000L
812
+ #ifdef HAVE_CRYPTO_LOCK
810
813
if (pq_init_crypto_lib )
811
814
{
812
815
/*
@@ -847,14 +850,14 @@ pgtls_init(PGconn *conn)
847
850
CRYPTO_set_locking_callback (pq_lockingcallback );
848
851
}
849
852
}
850
- #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
853
+ #endif /* HAVE_CRYPTO_LOCK */
851
854
#endif /* ENABLE_THREAD_SAFETY */
852
855
853
856
if (!SSL_context )
854
857
{
855
858
if (pq_init_ssl_lib )
856
859
{
857
- #if OPENSSL_VERSION_NUMBER >= 0x10100000L
860
+ #ifdef HAVE_OPENSSL_INIT_SSL
858
861
OPENSSL_init_ssl (OPENSSL_INIT_LOAD_CONFIG , NULL );
859
862
#else
860
863
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
@@ -917,7 +920,7 @@ pgtls_init(PGconn *conn)
917
920
static void
918
921
destroy_ssl_system (void )
919
922
{
920
- #if defined(ENABLE_THREAD_SAFETY ) && OPENSSL_VERSION_NUMBER < 0x10100000L
923
+ #if defined(ENABLE_THREAD_SAFETY ) && defined( HAVE_CRYPTO_LOCK )
921
924
/* Mutex is created in initialize_ssl_system() */
922
925
if (pthread_mutex_lock (& ssl_config_mutex ))
923
926
return ;
@@ -1632,7 +1635,7 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
1632
1635
* to retry; do we need to adopt their logic for that?
1633
1636
*/
1634
1637
1635
- #if OPENSSL_VERSION_NUMBER < 0x10100000L
1638
+ #ifndef HAVE_BIO_GET_DATA
1636
1639
#define BIO_get_data (bio ) (bio->ptr)
1637
1640
#define BIO_set_data (bio , data ) (bio->ptr = data)
1638
1641
#endif
@@ -1705,7 +1708,7 @@ my_BIO_s_socket(void)
1705
1708
if (!my_bio_methods )
1706
1709
{
1707
1710
BIO_METHOD * biom = (BIO_METHOD * ) BIO_s_socket ();
1708
- #if OPENSSL_VERSION_NUMBER >= 0x10100000L
1711
+ #ifdef HAVE_BIO_METH_NEW
1709
1712
int my_bio_index ;
1710
1713
1711
1714
my_bio_index = BIO_get_new_index ();
0 commit comments