Re: OpenSSL 1.1 breaks configure and more

On Tue, Sep 13, 2016 at 1:51 AM, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
> I planned to commit this today, but while reading through it and testing, I
> ended up doing a bunch more changes, so this deserves another round of
> review.

OK, I am giving it a try. Note to people using OSX: at least for brew
there is the formula openssl(at)1(dot)1 that you can use with the following
flags:
CFLAGS="-I/usr/local/opt/openssl(at)1(dot)1/include"
LDFLAGS="-L/usr/local/opt/openssl(at)1(dot)1/lib"
Postgres is not the only broken thing, so they kept the formula
openssl to 1.0.2.

> Changes since last version:
>
> * Added more error checks to the my_BIO_s_socket() function. Check for NULL
> result from malloc(). Check the return code of BIO_meth_set_*() functions;
> looking at OpenSSL sources, they always succeed, but all the test/example
> programs that come with OpenSSL do check them.
>
> * Use BIO_get_new_index() to get the index number for the wrapper BIO.
>
> * Also call BIO_meth_set_puts(). It was missing in previous patch versions.
>
> * Fixed src/test/ssl test suite to also work with OpenSSL 1.1.0.
>
> * Changed all references (in existing code) to SSLEAY_VERSION_NUMBER into
> OPENSSL_VERSION_NUMBER, for consistency.
>
> * Squashed all into one patch.
>
> I intend to apply this to all supported branches, so please have a look!
> This is now against REL9_6_STABLE, but there should be little difference
> between branches in the code that this touches.

I just took a look at this patch, testing it on the way with 1.1.0 and
1.0.2. And it looks in pretty good shape.

+ ResourceOwner owner;
+ struct OSSLDigest *next;
+ struct OSSLDigest *prev;
This could be done as well with a list of pg_list, the cost being a
couple of extra calls to switch memory contexts, but it would simplify
free_openssldigest when cleaning up an entry. I guessed you already
thought about that but discarded it?
--
Michael