Re: Missing include <openssl/x509.h> in be-secure-openssl.c?

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Michael Paquier <michael(at)paquier(dot)xyz>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, buildfarm(at)sraoss(dot)co(dot)jp
Subject: Re: Missing include <openssl/x509.h> in be-secure-openssl.c?
Date: 2021-11-01 10:51:30
Message-ID: 3C44D869-9BA5-4D02-9812-BF85D105B315@yesql.se
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

> On 1 Nov 2021, at 06:27, Michael Paquier <michael(at)paquier(dot)xyz> wrote:
> On Sun, Oct 31, 2021 at 06:45:47PM -0400, Tom Lane wrote:

>> Anyway, I propose adding that #include.
>
> openssl/ssl.h includes openssl/x509.h if OPENSSL_NO_DEPRECATED_1_1_0
> is not defined, but agreed that adding the header makes sense here.

It does make sense, but it's a bit worrisome that the indirect inclusion no
longer works as there is no obvious explanation as to why. Looking at the
headers in supported versions, the only real difference would be that 3.0.0 now
defines #pragma once. For that to matter though it would mean it was included
in the compilation unit before OPENSSL_API_COMPAT is defined from pg_config.h
(or something entirely else as #pragma once is problematic and compiler
dependent).

Knowing the version used in hamerkop before and after (assuming it changed)
would be quite interesting.

> x509v3.h includes x509.h, so fe-secure-openssl.h would not need an
> update. Now could it be a better practice to include both there?

Judging by OpenSSL, including both is common practice unless the module only
deals with v3 extensions. Following that lead seems reasonable.

--
Daniel Gustafsson https://vmware.com/

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tomas Vondra 2021-11-01 12:22:04 Re: Added schema level support for publication.
Previous Message Alexander Pyhalov 2021-11-01 10:30:27 Re: Partial aggregates pushdown