Skip site navigation (1) Skip section navigation (2)

Re: [COMMITTERS] pgsql: Use BIO functions to avoid passing FILE * pointers to OpenSSL

From: "Magnus Hagander" <magnus(at)hagander(dot)net>
To: tgl(at)sss(dot)pgh(dot)pa(dot)us
Cc: pgsql-hackers(at)postgresql(dot)org, mha(at)postgresql(dot)org
Subject: Re: [COMMITTERS] pgsql: Use BIO functions to avoid passing FILE * pointers to OpenSSL
Date: 2007-10-02 06:22:07
Message-ID: 20071002062120.9A018DCC62F@svr2.hagander.net (view raw or flat)
Thread:
Lists: pgsql-committerspgsql-hackers
> > http://www.openssl.org/docs/crypto/ERR_set_mark.html
> > says
> > ERR_set_mark() and ERR_pop_to_mark() were added in OpenSSL 0.9.8.
> 
> > Ooops.  Back to the drawing board.
> 
> To get the buildfarm going again, I applied a patch that turns these
> calls into no-ops if the local OpenSSL hasn't got the functions.
> I'm not entirely sure if the net result is a regression for pre-0.9.8
> OpenSSLs or not --- Magnus, any thoughts on that?

I think it is. With Dave's part of the patch and not mine, you get the incorrect error message. It requires that you set sslmode to required which I did't 
originally note, but if you do you'll get the wrong error.

Not sure what's the least evil fix.

We could ifdef the whole fix and use the old code for earlier openssl but bio for 0.9.8. Or we could implement my other idea to load the certificate earlier. 
Or we could just say live with the error message on older openssl. Or someone has another idea?

/Magnus
 

In response to

pgsql-hackers by date

Next:From: Magnus HaganderDate: 2007-10-02 06:42:28
Subject: Re: [COMMITTERS] pgsql: Use BIO functions to avoid passing FILE * pointers to OpenSSL
Previous:From: Jeremy DrakeDate: 2007-10-02 05:16:30
Subject: Re: Build farm failure

pgsql-committers by date

Next:From: Magnus HaganderDate: 2007-10-02 06:42:28
Subject: Re: [COMMITTERS] pgsql: Use BIO functions to avoid passing FILE * pointers to OpenSSL
Previous:From: Tom LaneDate: 2007-10-02 00:27:26
Subject: Re: [COMMITTERS] pgsql: Use BIO functions to avoid passing FILE * pointers to OpenSSL

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group