| From: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Andreas Karlsson <andreas(at)proxel(dot)se>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Victor Wagner <vitus(at)wagner(dot)pp(dot)ru>, pgsql-hackers(at)postgresql(dot)org, Christoph Berg <myon(at)debian(dot)org>, remi_zara(at)mac(dot)com |
| Subject: | Re: OpenSSL 1.1 breaks configure and more |
| Date: | 2016-08-29 17:46:49 |
| Message-ID: | 322ff387-0255-4e87-a9a3-4a9f788be0bc@iki.fi |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 08/29/2016 08:22 PM, Heikki Linnakangas wrote:
> On 08/27/2016 05:15 PM, Peter Eisentraut wrote:
>> On 8/26/16 9:26 PM, Andreas Karlsson wrote:
>>> I have attached a patch which removes the < 0.9.8 compatibility code.
>>> Should we also add a version check to configure? We do not have any such
>>> check currently.
>>
>> I think that is not necessary.
>
> I was going to change the configure test to check for a different
> function that we use, that's only present in 0.9.8 and later. But the
> only such functions were related to ECDH, and the use of those functions
> is inside "#ifndef OPENSSL_NO_ECDH", so they're not suitable for the
> autoconf test. So I gave up. If you try to build with 0.9.7, you'll get
> compilation errors because of those ECDH symbols, and with 0.9.6,
> probably on some other symbols.
>
> Pushed with some small doc fixes, thanks Andreas! I'll continue
> reviewing the rest of the patches.
Buildfarm animals "locust" and "prairiedog" are not happy with this.
They seem to be using OpenSSL 0.9.7, as they failed with errors related
to those ECDH calls:
be-secure-openssl.c: In function 'initialize_ecdh':
be-secure-openssl.c:978: error: 'EC_KEY' undeclared (first use in this
function)
be-secure-openssl.c:978: error: (Each undeclared identifier is reported
only once
be-secure-openssl.c:978: error: for each function it appears in.)
be-secure-openssl.c:978: error: 'ecdh' undeclared (first use in this
function)
be-secure-openssl.c:979: warning: ISO C90 forbids mixed declarations and
code
be-secure-openssl.c:986: warning: implicit declaration of function
'EC_KEY_new_by_curve_name'
be-secure-openssl.c:991: error: 'SSL_OP_SINGLE_ECDH_USE' undeclared
(first use in this function)
be-secure-openssl.c:992: warning: implicit declaration of function
'SSL_CTX_set_tmp_ecdh'
be-secure-openssl.c:993: warning: implicit declaration of function
'EC_KEY_free'
I only now noticed that Tom said upthread that he still has a buildfarm
critter using 0.9.7 (that's prairiedog). Sorry for the breakage.
It would be easy to put the version check back to still support 0.9.7,
most of the changes in this commit was thanks to removing support for
0.9.6. But that'd complicate the upcoming 1.1.0 support patch slightly,
so let's stick to the plan and drop the support for <= 0.9.7
Tom, Rémi, can you fix locust and prairiedog, please, by updating
OpenSSL or removing --with-openssl?
- Heikki
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2016-08-29 17:47:07 | Re: Renaming of pg_xlog and pg_clog |
| Previous Message | Heikki Linnakangas | 2016-08-29 17:22:22 | Re: OpenSSL 1.1 breaks configure and more |