| From: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz>, Postgres hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pg_config.h.win32 missing a set of flags from pg_config.h.in added in v11 development |
| Date: | 2018-06-02 17:19:41 |
| Message-ID: | eb6162d3-90d0-222b-c389-884a093be158@iki.fi |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 29/05/18 17:15, Michael Paquier wrote:
> Hi all,
>
> While reviewing the MSVC code, I have noticed that pg_config.h.win32 is
> forgetting about a couple of flags defined in pg_config.h.in for v11
> development. Forgetting some of them is problematic, and here are the
> ones I spotted:
> - HAVE_LDAP_INITIALIZE
> - HAVE_X509_GET_SIGNATURE_NID
> - HAVE_SSL_CLEAR_OPTIONS
>
> HAVE_X509_GET_SIGNATURE_NID is something I worked on for the SCRAM
> channel binding, and not having it means that tls-server-end-point is
> never supported on Windows. What we need to do in this case is to
> extend the MSVC scripts so as "openssl version" is run once and we parse
> the version of OpenSSL from it. If the version is newer than 1.0.2 then
> the function can be used.
>
> For HAVE_LDAP_INITIALIZE, it seems to me that we could get rid of the
> ldap_sslinit part, but I have not studied this close enough to reach a
> conclusion.
>
> HAVE_SSL_CLEAR_OPTIONS means that sslcompression is not turned off by
> default on Windows, which does not look like a good idea to me.
>
> We could treat each issue separately, but the fact that we need to parse
> the function string of openssl and/or openldap to do decision-making for
> the MSVC script is common to all those issues.
I wouldn't be too sorry to just bump our minimum requirements for
Windows, in v11. Assuming that recent-enough versions of OpenLSAP and
OpenSSL are readily available on Windows. I think on Windows, you
typically bundle the .dlls with the PostgreSQL binaries, so it would be
natural to bundle the latest available libraries. And in the unlikely
case that you'd want to use older ones, you could still modify
pg_config.h.win32 manually.
But yeah, clearly those are missing from pg_config.h.win32 at the
moment. It's not actually clear to me, when that file is (supposed to
be) updated. Are you supposed to remember to update it, whenever you
update pg_config.h.in? Or does someone update it with the results from
some canonical MinGW buildfarm member before the release?
- Heikki
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2018-06-02 17:24:41 | Re: pg_config.h.win32 missing a set of flags from pg_config.h.in added in v11 development |
| Previous Message | Heikki Linnakangas | 2018-06-02 17:08:56 | Re: SCRAM with channel binding downgrade attack |