Re: Missing include <openssl/x509.h> in be-secure-openssl.c?

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-hackers(at)lists(dot)postgresql(dot)org, buildfarm(at)sraoss(dot)co(dot)jp
Subject: Re: Missing include <openssl/x509.h> in be-secure-openssl.c?
Date: 2021-11-01 05:27:11
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On Sun, Oct 31, 2021 at 06:45:47PM -0400, Tom Lane wrote:
> I observe that the OpenSSL docs say you are supposed to
> #include <openssl/x509.h>
> when using these functions. We are including that header in
> some other modules, but not here. I speculate that we've gotten
> away with that so far because of indirect inclusions; but hamerkop
> must be running an OpenSSL version that has rearranged the headers
> enough that that doesn't work anymore. That machine was offline
> for awhile right before it started to fail, so it seems plausible
> that it was rebuilt with some pretty bleeding-edge OpenSSL version.

Hmm. I have tested MSVC with 3.0.0 not so long ago, and this was
working, but maybe they upgraded from 1.0.2 to 3.0.0? I'd be
surprised if this was broken in some way in one of the stable releases
as well. We've had our share of surprises with OpenSSL when it comes
to major upgrades, but nothing that stood out when it came to minor
release compatibility and ABI, AFAIK.

> Anyway, I propose adding that #include.

openssl/ssl.h includes openssl/x509.h if OPENSSL_NO_DEPRECATED_1_1_0
is not defined, but agreed that adding the header makes sense here.

x509v3.h includes x509.h, so fe-secure-openssl.h would not need an
update. Now could it be a better practice to include both there?

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Andres Freund 2021-11-01 05:47:00 Re: Use -fvisibility=hidden for shared libraries
Previous Message Greg Nancarrow 2021-11-01 05:22:06 Re: Added schema level support for publication.