Re: Update minimum SSL version

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Michael Paquier <michael(at)paquier(dot)xyz>, Magnus Hagander <magnus(at)hagander(dot)net>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Update minimum SSL version
Date: 2019-12-05 22:29:36
Message-ID: 3C636E88-44C7-40C6-ABA3-1B236E0A74DE@yesql.se
Lists: pgsql-hackers

> On 5 Dec 2019, at 15:50, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> Daniel Gustafsson <daniel(at)yesql(dot)se> writes:
>>> On 5 Dec 2019, at 02:48, Michael Paquier <michael(at)paquier(dot)xyz> wrote:
>>> So it seems to me that we are able to correctly
>>> detect the presence of this function in the configure checks if
>>> building with 1.1.0~, but not other versions.
>
>> Yes, we can't use AC_CHECK_FUNCS but would need to use AC_COMPILE_IFELSE (or a
>> similar check) in order to detect the macro.
>
> configure already has a similar issue for isinf(). (I thought there
> were more cases, actually, but I don't see another right now.)
> We could just duplicate that logic, or maybe it's time to wrap it
> up in an autoconf macro?
>
>> Yes, if we're dropping older versions such that all supported versions have the
>> function, then keeping the autoconf check would be quite pointless.
>
> True as far as HEAD goes.

Good point.

> What I'd like to know is whether not
> realizing that SSL_clear_options is present causes any functional
> issues that would justify back-patching a fix.

ISTM that SSL_clear_options is required for turning on compression. Since
compression was introduced in 1.0.0 and SSL_clear_options was turned into a
function in 1.1.0, it affects 1.0.0, 1.0.1 and 1.0.2 with the latter two being
quite heavily used. I'm not sure how common it is to enable compression, and
especially how common it is post-CRIME, but since the option is there it seems
silly for it not to work with highly common library versions. Removing the
check only affects NetBSD 5, but breaking compilation in a stable release, even
for a rare OS, is I assume/hope a no-no. So that's a +1 from me for
back-patching a fix, while removing the check altogether in master.

The attached converts the check to use AC_LINK_IFELSE, in order to detect the
macro as well as the function (the compiled code is omitted for readability).
The patch is against master, but the check applies against backbranches except
for the AC_CHECK_FUNCS hunk which needs tailoring per backbranch. I didn't
convert it to an autoconf macro, as there are only two callers in the
backbranches and it won't go into HEAD.

cheers ./daniel

Attachment Content-Type Size
ssl_clear_options_check.patch application/octet-stream 2.2 KB
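
The kind of check discussed in this message, as an added example that is neither the attached patch nor PostgreSQL's own configure code: a configure.ac fragment that includes the OpenSSL header and links a call, so SSL_clear_options is found whether it is a macro or a function. It assumes LIBS already contains the OpenSSL libraries at this point; the cache variable name is made up for the example, and HAVE_SSL_CLEAR_OPTIONS is the symbol AC_CHECK_FUNCS would define by autoconf convention.

```m4
dnl Added example, not the attached patch.
dnl
dnl AC_CHECK_FUNCS([SSL_clear_options]) links a stub that declares the symbol
dnl itself and never includes <openssl/ssl.h>. Where SSL_clear_options is only
dnl a macro, libssl exports no symbol of that name and the check reports "no",
dnl so code guarded by HAVE_SSL_CLEAR_OPTIONS is silently compiled out.
dnl
dnl Including the header and linking a real call covers both cases.
AC_CACHE_CHECK([for SSL_clear_options], [example_cv_have_ssl_clear_options],
[AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <openssl/ssl.h>
]], [[
/* Link test only; the program is never run, so a NULL handle is fine. */
SSL *ssl = NULL;
(void) SSL_clear_options(ssl, 0);
]])],
  [example_cv_have_ssl_clear_options=yes],
  [example_cv_have_ssl_clear_options=no])])

if test x"$example_cv_have_ssl_clear_options" = xyes; then
  AC_DEFINE([HAVE_SSL_CLEAR_OPTIONS], [1],
            [Define to 1 if SSL_clear_options is available as a function or a macro.])
fi
```

After regenerating configure, the "checking for SSL_clear_options" line in the configure output and the HAVE_SSL_CLEAR_OPTIONS entry in the generated config header show whether the check passed on a given OpenSSL version.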
