Re: PostgreSQL12 and older versions of OpenSSL

From: Victor Wagner <vitus(at)wagner(dot)pp(dot)ru>
To: pgsql-hackers(at)lists(dot)postgresql(dot)org
Cc: Michael Paquier <michael(at)paquier(dot)xyz>
Subject: Re: PostgreSQL12 and older versions of OpenSSL
Date: 2019-09-24 10:07:31
Message-ID: 20190924130731.2270332e@fafnir.local.vm
Lists: pgsql-hackers

On Tue, 24 Sep 2019 18:49:17 +0900
Michael Paquier <michael(at)paquier(dot)xyz> wrote:

> On Tue, Sep 24, 2019 at 10:18:59AM +0300, Victor Wagner wrote:
> > PostgreSQL 12 documentation states that the minimum required version of
> > OpenSSL is 0.9.8. However, I was unable to compile current
> > PGPRO_12_STABLE with OpenSSL 0.9.8j (from SLES 11sp4).
>
> I can reproduce that with REL_12_STABLE and the top of
> OpenSSL_0_9_8-stable from OpenSSL's git.
>
> > Replacing all
> >
> > #ifdef TLS1_1_VERSION
> >
> > with
> >
> > #if defined(TLS1_1_VERSION) && TLS1_1_VERSION <= TLS_MAX_VERSION
> >
> > and analogue for TLS1_2_VERSION fixes the problem.
>
> That sounds like a plan.
[skip]
> > ...
> > (line 1290). In this case a check for TLS1_1_VERSION <=
> > TLS_MAX_VERSION seems to be more self-explanatory than a check for
> > the somewhat unrelated symbol SSL_OP_NO_TLSv1_1
>
> That sounds right. Victor, would you like to write a patch?

I'm attaching a patch which uses the solution mentioned above.
It seems that the check for SSL_OP_NO_TLSvX_Y is redundant if
we are checking for TLS_MAX_VERSION.
--

Attachment Content-Type Size
openssl-0.9.8-tls11.patch text/x-patch 1.7 KB
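
The two guard styles compared in this thread, as an added example that is not part of the original message or the attached patch. The macro values are a constructed stand-in for a header that defines TLS1_1_VERSION and TLS1_2_VERSION while TLS_MAX_VERSION stays at TLS 1.0; the function names and protocol strings are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an old TLS header (assumption, not copied from
 * OpenSSL): the 1.1 and 1.2 constants are defined, but the newest version
 * the library can negotiate is TLS 1.0. */
#define TLS1_VERSION    0x0301
#define TLS1_1_VERSION  0x0302
#define TLS1_2_VERSION  0x0303
#define TLS_MAX_VERSION TLS1_VERSION

/* Guard style before the change: is the constant merely defined? */
static int version_ifdef_only(const char *name)
{
    if (strcmp(name, "TLSv1") == 0)
        return TLS1_VERSION;
#ifdef TLS1_1_VERSION
    if (strcmp(name, "TLSv1.1") == 0)
        return TLS1_1_VERSION;      /* accepted, though unusable here */
#endif
#ifdef TLS1_2_VERSION
    if (strcmp(name, "TLSv1.2") == 0)
        return TLS1_2_VERSION;
#endif
    return -1;
}

/* Guard proposed in the thread: defined AND within TLS_MAX_VERSION. */
static int version_max_checked(const char *name)
{
    if (strcmp(name, "TLSv1") == 0)
        return TLS1_VERSION;
#if defined(TLS1_1_VERSION) && TLS1_1_VERSION <= TLS_MAX_VERSION
    if (strcmp(name, "TLSv1.1") == 0)
        return TLS1_1_VERSION;
#endif
#if defined(TLS1_2_VERSION) && TLS1_2_VERSION <= TLS_MAX_VERSION
    if (strcmp(name, "TLSv1.2") == 0)
        return TLS1_2_VERSION;
#endif
    return -1;                      /* not supported by this build */
}

int main(void)
{
    const char *names[] = { "TLSv1", "TLSv1.1", "TLSv1.2" };
    for (int i = 0; i < 3; i++)
        printf("%-8s ifdef-only=%d max-checked=%d\n", names[i],
               version_ifdef_only(names[i]), version_max_checked(names[i]));
    return 0;
}
```

With the stand-in header, the `#ifdef`-only variant still maps "TLSv1.1" and "TLSv1.2" to version constants, while the `TLS_MAX_VERSION` variant compiles those branches out and reports them as unsupported.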
