Re: OpenSSL 1.1 breaks configure and more

From: Andreas Karlsson <andreas(at)proxel(dot)se>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Christoph Berg <myon(at)debian(dot)org>
Cc: PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: OpenSSL 1.1 breaks configure and more
Date: 2016-06-27 17:26:18
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On 06/27/2016 05:24 PM, Tom Lane wrote:
> Christoph Berg <myon(at)debian(dot)org> writes:
>> as reported by Debian's OpenSSL maintainers, PostgreSQL is failing to
>> build against a snapshot of the upcoming 1.1.0 version.
> The errors you report make it sound like they broke API compatibility
> wholesale. Was that really their intent? If so, where are the changes
> documented?

I do not see that they have documented the removal of the
SSL_library_init symbol anywhere. They changed the function into a macro
in the following commit. I guess we have to check for some other symbol,
like SSL_new.

They have also, which is in the release notes, broken API compatibility
when they made the BIO and BIO_METHOD structs opaque. This will probably
require some ugly ugly #ifs or compatibility macros from us.

They also seem to have broken our OpenSSL thread safety callback when
they added their new threading API and removed the CRYPTO_LOCK define. I
have reported this in their issue tracker

In addition to this there are a couple of deprecated functions
(DH_generate_parameters() and OPENSSL_config()), but they look pretty
easy to handle.

I think much of the above is missing from the release notes I have
found. I hope they will be more complete at the time of the release. I
am working on a patch to handle these API changes.



In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Christoph Berg 2016-06-27 18:12:12 Re: OpenSSL 1.1 breaks configure and more
Previous Message Julien Rouhaud 2016-06-27 17:05:11 Re: Rename max_parallel_degree?