1: 18fd368e0e ! 1: 957a011364 libpq: add sslrootcert=system to use default CAs @@ .cirrus.yml: task: ccache_cache: - ## configure ## -@@ configure: $as_echo "$ac_res" >&6; } - - } # ac_fn_c_check_func - -+# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES -+# --------------------------------------------- -+# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR -+# accordingly. -+ac_fn_c_check_decl () -+{ -+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack -+ # Initialize each $ac_[]_AC_LANG_ABBREV[]_decl_warn_flag once. -+ as_decl_name=`echo $2|sed 's/ *(.*//'` -+ as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 -+$as_echo_n "checking whether $as_decl_name is declared... " >&6; } -+if eval \${$3+:} false; then : -+ $as_echo_n "(cached) " >&6 -+else -+ ac_save_werror_flag=$ac_c_werror_flag -+ ac_c_werror_flag="$ac_c_decl_warn_flag$ac_c_werror_flag" -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+$4 -+int -+main () -+{ -+#ifndef $as_decl_name -+#ifdef __cplusplus -+ (void) $as_decl_use; -+#else -+ (void) $as_decl_name; -+#endif -+#endif -+ -+ ; -+ return 0; -+} -+_ACEOF -+if ac_fn_c_try_compile "$LINENO"; then : -+ eval "$3=yes" -+else -+ eval "$3=no" -+fi -+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -+ ac_c_werror_flag=$ac_save_werror_flag -+fi -+eval ac_res=\$$3 -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -+$as_echo "$ac_res" >&6; } -+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno -+ -+} # ac_fn_c_check_decl -+ - # ac_fn_c_check_type LINENO TYPE VAR INCLUDES - # ------------------------------------------- - # Tests whether TYPE exists after having included INCLUDES, setting cache -@@ configure: rm -f conftest.val - as_fn_set_status $ac_retval - - } # ac_fn_c_compute_int -- --# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES --# --------------------------------------------- --# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR --# accordingly. --ac_fn_c_check_decl () --{ -- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack -- # Initialize each $ac_[]_AC_LANG_ABBREV[]_decl_warn_flag once. -- as_decl_name=`echo $2|sed 's/ *(.*//'` -- as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 --$as_echo_n "checking whether $as_decl_name is declared... " >&6; } --if eval \${$3+:} false; then : -- $as_echo_n "(cached) " >&6 --else -- ac_save_werror_flag=$ac_c_werror_flag -- ac_c_werror_flag="$ac_c_decl_warn_flag$ac_c_werror_flag" -- cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ --$4 --int --main () --{ --#ifndef $as_decl_name --#ifdef __cplusplus -- (void) $as_decl_use; --#else -- (void) $as_decl_name; --#endif --#endif -- -- ; -- return 0; --} --_ACEOF --if ac_fn_c_try_compile "$LINENO"; then : -- eval "$3=yes" --else -- eval "$3=no" --fi --rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -- ac_c_werror_flag=$ac_save_werror_flag --fi --eval ac_res=\$$3 -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 --$as_echo "$ac_res" >&6; } -- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno -- --} # ac_fn_c_check_decl - cat >config.log <<_ACEOF - This file contains any messages produced by compilers while - running configure, to aid debugging if configure makes a mistake. -@@ configure: _ACEOF - fi - done - -+ # Let tests differentiate between vanilla OpenSSL and LibreSSL. -+ # The Clang compiler raises a warning for an undeclared identifier that matches -+# a compiler builtin function. All extant Clang versions are affected, as of -+# Clang 3.6.0. Test a builtin known to every version. This problem affects the -+# C and Objective C languages, but Clang does report an error under C++ and -+# Objective C++. -+# -+# Passing -fno-builtin to the compiler would suppress this problem. That -+# strategy would have the advantage of being insensitive to stray warnings, but -+# it would make tests less realistic. -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how $CC reports undeclared, standard C functions" >&5 -+$as_echo_n "checking how $CC reports undeclared, standard C functions... " >&6; } -+if ${ac_cv_c_decl_report+:} false; then : -+ $as_echo_n "(cached) " >&6 -+else -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+ -+int -+main () -+{ -+(void) strchr; -+ ; -+ return 0; -+} -+_ACEOF -+if ac_fn_c_try_compile "$LINENO"; then : -+ if test -s conftest.err; then : -+ # For AC_CHECK_DECL to react to warnings, the compiler must be silent on -+ # valid AC_CHECK_DECL input. No library function is consistently available -+ # on freestanding implementations, so test against a dummy declaration. -+ # Include always-available headers on the off chance that they somehow -+ # elicit warnings. -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+#include -+#include -+#include -+#include -+extern void ac_decl (int, char *); -+int -+main () -+{ -+#ifdef __cplusplus -+ (void) ac_decl ((int) 0, (char *) 0); -+ (void) ac_decl; -+#else -+ (void) ac_decl; -+#endif -+ -+ ; -+ return 0; -+} -+_ACEOF -+if ac_fn_c_try_compile "$LINENO"; then : -+ if test -s conftest.err; then : -+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -+as_fn_error $? "cannot detect from compiler exit status or warnings -+See \`config.log' for more details" "$LINENO" 5; } -+else -+ ac_cv_c_decl_report=warning -+fi -+else -+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -+as_fn_error $? "cannot compile a simple declaration test -+See \`config.log' for more details" "$LINENO" 5; } -+fi -+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -+else -+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -+as_fn_error $? "compiler does not report undeclared identifiers -+See \`config.log' for more details" "$LINENO" 5; } -+fi -+else -+ ac_cv_c_decl_report=error -+fi -+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -+fi -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_decl_report" >&5 -+$as_echo "$ac_cv_c_decl_report" >&6; } -+ -+case $ac_cv_c_decl_report in -+ warning) ac_c_decl_warn_flag=yes ;; -+ *) ac_c_decl_warn_flag= ;; -+esac -+ -+ac_fn_c_check_decl "$LINENO" "LIBRESSL_VERSION_NUMBER" "ac_cv_have_decl_LIBRESSL_VERSION_NUMBER" "#include -+" -+if test "x$ac_cv_have_decl_LIBRESSL_VERSION_NUMBER" = xyes; then : -+ ac_have_decl=1 -+else -+ ac_have_decl=0 -+fi -+ -+cat >>confdefs.h <<_ACEOF -+#define HAVE_DECL_LIBRESSL_VERSION_NUMBER $ac_have_decl -+_ACEOF -+ - - $as_echo "#define USE_OPENSSL 1" >>confdefs.h - -@@ configure: fi - # posix_fadvise() is a no-op on Solaris, so don't incur function overhead - # by calling it, 2009-04-02 - # http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/lib/libc/port/gen/posix_fadvise.c --# The Clang compiler raises a warning for an undeclared identifier that matches --# a compiler builtin function. All extant Clang versions are affected, as of --# Clang 3.6.0. Test a builtin known to every version. This problem affects the --# C and Objective C languages, but Clang does report an error under C++ and --# Objective C++. --# --# Passing -fno-builtin to the compiler would suppress this problem. That --# strategy would have the advantage of being insensitive to stray warnings, but --# it would make tests less realistic. --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how $CC reports undeclared, standard C functions" >&5 --$as_echo_n "checking how $CC reports undeclared, standard C functions... " >&6; } --if ${ac_cv_c_decl_report+:} false; then : -- $as_echo_n "(cached) " >&6 --else -- cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ -- --int --main () --{ --(void) strchr; -- ; -- return 0; --} --_ACEOF --if ac_fn_c_try_compile "$LINENO"; then : -- if test -s conftest.err; then : -- # For AC_CHECK_DECL to react to warnings, the compiler must be silent on -- # valid AC_CHECK_DECL input. No library function is consistently available -- # on freestanding implementations, so test against a dummy declaration. -- # Include always-available headers on the off chance that they somehow -- # elicit warnings. -- cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ --#include --#include --#include --#include --extern void ac_decl (int, char *); --int --main () --{ --#ifdef __cplusplus -- (void) ac_decl ((int) 0, (char *) 0); -- (void) ac_decl; --#else -- (void) ac_decl; --#endif -- -- ; -- return 0; --} --_ACEOF --if ac_fn_c_try_compile "$LINENO"; then : -- if test -s conftest.err; then : -- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 --$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} --as_fn_error $? "cannot detect from compiler exit status or warnings --See \`config.log' for more details" "$LINENO" 5; } --else -- ac_cv_c_decl_report=warning --fi --else -- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 --$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} --as_fn_error $? "cannot compile a simple declaration test --See \`config.log' for more details" "$LINENO" 5; } --fi --rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext --else -- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 --$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} --as_fn_error $? "compiler does not report undeclared identifiers --See \`config.log' for more details" "$LINENO" 5; } --fi --else -- ac_cv_c_decl_report=error --fi --rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext --fi --{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_decl_report" >&5 --$as_echo "$ac_cv_c_decl_report" >&6; } -- --case $ac_cv_c_decl_report in -- warning) ac_c_decl_warn_flag=yes ;; -- *) ac_c_decl_warn_flag= ;; --esac -- - if test "$PORTNAME" != "solaris"; then : - - for ac_func in posix_fadvise - - ## configure.ac ## -@@ configure.ac: if test "$with_ssl" = openssl ; then - AC_CHECK_FUNCS([CRYPTO_lock]) - # Function introduced in OpenSSL 1.1.1. - AC_CHECK_FUNCS([X509_get_signature_info]) -+ # Let tests differentiate between vanilla OpenSSL and LibreSSL. -+ AC_CHECK_DECLS([LIBRESSL_VERSION_NUMBER], [], [], [#include ]) - AC_DEFINE([USE_OPENSSL], 1, [Define to 1 to build with OpenSSL support. (--with-ssl=openssl)]) - elif test "$with_ssl" != no ; then - AC_MSG_ERROR([--with-ssl must specify openssl]) - ## doc/src/sgml/libpq.sgml ## @@ doc/src/sgml/libpq.sgml: postgresql://%2Fvar%2Flib%2Fpostgresql/dbname to be signed by one of these authorities. The default is @@ doc/src/sgml/runtime.sgml: pg_dumpall -p 5432 | psql -d postgres -p 5433 - ## meson.build ## -@@ meson.build: if sslopt in ['auto', 'openssl'] - else - ssl = not_found_dep - endif -+ -+ if ssl.found() -+ # Let tests differentiate between vanilla OpenSSL and LibreSSL. -+ sym = 'LIBRESSL_VERSION_NUMBER' -+ found = cc.has_header_symbol('openssl/opensslv.h', sym, dependencies: ssl_int) -+ cdata.set10('HAVE_DECL_' + sym, found, description: -+'''Define to 1 if you have the declaration of `@0@', and to 0 if you -+ don't.'''.format(sym)) -+ endif - endif - endif - - - ## src/include/pg_config.h.in ## -@@ - don't. */ - #undef HAVE_DECL_F_FULLFSYNC - -+/* Define to 1 if you have the declaration of `LIBRESSL_VERSION_NUMBER', and -+ to 0 if you don't. */ -+#undef HAVE_DECL_LIBRESSL_VERSION_NUMBER -+ - /* Define to 1 if you have the declaration of - `LLVMCreateGDBRegistrationListener', and to 0 if you don't. */ - #undef HAVE_DECL_LLVMCREATEGDBREGISTRATIONLISTENER - ## src/interfaces/libpq/fe-secure-openssl.c ## @@ src/interfaces/libpq/fe-secure-openssl.c: initialize_SSL(PGconn *conn) else @@ src/test/ssl/t/001_ssltests.pl: sub switch_server_cert $ssl_server->switch_server_cert(@_); } + -+# Determine whether this build uses OpenSSL or LibreSSL. -+my $libressl = check_pg_config("#define HAVE_DECL_LIBRESSL_VERSION_NUMBER 1"); ++# Determine whether this build uses OpenSSL or LibreSSL. As a heuristic, the ++# HAVE_SSL_CTX_SET_CERT_CB macro isn't defined for LibreSSL. (Nor for OpenSSL ++# 1.0.1, but that's old enough that accomodating it isn't worth the cost.) ++my $libressl = not check_pg_config("#define HAVE_SSL_CTX_SET_CERT_CB 1"); + #### Some configuration 2: ba09e1d83f = 2: c822c579ea libpq: force sslmode=verify-full for system CAs