Commit054e8c6

committed
Another attempt at fixing build with various OpenSSL versions
It seems we can't easily work around the lack of X509_get_signature_nid(), so revert the previous attempts and just disable the tls-server-end-point feature if we don't have it.
1 parent1834c1e commit054e8c6


5 files changed

+24
-9
lines changed


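--- a/configure
+++ b/configure
@@ -10125,12 +10125,13 @@ else
 fi
 
 fi
-forac_funcin SSL_get_current_compression
+forac_funcin SSL_get_current_compression X509_get_signature_nid
 do:
-ac_fn_c_check_func"$LINENO""SSL_get_current_compression""ac_cv_func_SSL_get_current_compression"
-iftest"x$ac_cv_func_SSL_get_current_compression" = xyes;then:
+as_ac_var=`$as_echo"ac_cv_func_$ac_func"|$as_tr_sh`
+ac_fn_c_check_func"$LINENO""$ac_func""$as_ac_var"
+ifevaltest\"x\$"$as_ac_var"\" = x"yes";then:
 cat>>confdefs.h<<_ACEOF
-#defineHAVE_SSL_GET_CURRENT_COMPRESSION 1
+#define`$as_echo"HAVE_$ac_func"|$as_tr_cpp` 1
 _ACEOF
 
 fi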

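--- a/configure.in
+++ b/configure.in
@@ -1064,7 +1064,7 @@ if test "$with_openssl" = yes ; then
 AC_SEARCH_LIBS(CRYPTO_new_ex_data, [eay32 crypto], [], [AC_MSG_ERROR([library 'eay32' or 'crypto' is required for OpenSSL])])
 AC_SEARCH_LIBS(SSL_new, [ssleay32 ssl], [], [AC_MSG_ERROR([library 'ssleay32' or 'ssl' is required for OpenSSL])])
 fi
-AC_CHECK_FUNCS([SSL_get_current_compression])
+AC_CHECK_FUNCS([SSL_get_current_compression X509_get_signature_nid])
 # Functions introduced in OpenSSL 1.1.0. We used to check for
 # OPENSSL_VERSION_NUMBER, but that didn't work with 1.1.0, because LibreSSL
 # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it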
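Review bot: The `X509_get_signature_nid` probe added to `AC_CHECK_FUNCS` carries no comment saying what depends on it, while the OpenSSL 1.1.0 checks just below explain themselves. Per the commit description a missing function turns off the tls-server-end-point channel binding type, so I would add above the line `# X509_get_signature_nid is needed for tls-server-end-point channel binding; without it that binding type is compiled out.` Any build path that does not run configure, if this tree has one, would need HAVE_X509_GET_SIGNATURE_NID set by other means; that is not visible on this page.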

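--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -57,7 +57,6 @@
 #ifndefOPENSSL_NO_ECDH
 #include<openssl/ec.h>
 #endif
-#include<openssl/x509.h>
 
 #include"libpq/libpq.h"
 #include"miscadmin.h"
@@ -1250,6 +1249,7 @@ be_tls_get_peer_finished(Port *port, size_t *len)
 char*
 be_tls_get_certificate_hash(Port*port,size_t*len)
 {
+#ifdefHAVE_X509_GET_SIGNATURE_NID
 X509*server_cert;
 char*cert_hash;
 constEVP_MD*algo_type=NULL;
@@ -1266,7 +1266,7 @@ be_tls_get_certificate_hash(Port *port, size_t *len)
 * Get the signature algorithm of the certificate to determine the
 * hash algorithm to use for the result.
 */
-if (!OBJ_find_sigid_algs(OBJ_obj2nid(server_cert->sig_alg->algorithm),
+if (!OBJ_find_sigid_algs(X509_get_signature_nid(server_cert),
 &algo_nid,NULL))
 elog(ERROR,"could not determine server certificate signature algorithm");
 
@@ -1299,6 +1299,12 @@ be_tls_get_certificate_hash(Port *port, size_t *len)
 *len=hash_size;
 
 returncert_hash;
+#else
+ereport(ERROR,
+(errcode(ERRCODE_PROTOCOL_VIOLATION),
+errmsg("channel binding type \"tls-server-end-point\" is not supported by this build")));
+returnNULL;
+#endif
 }
 
 /*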
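Review bot: In the new `#else` branch of be_tls_get_certificate_hash, `errcode(ERRCODE_PROTOCOL_VIOLATION)` records a build limitation as if the peer had broken the protocol. A client that asks for tls-server-end-point is behaving correctly, and the distinction matters when authentication failures are triaged from the server log. I would use `errcode(ERRCODE_FEATURE_NOT_SUPPORTED)` there. A one-line comment above `#ifdef HAVE_X509_GET_SIGNATURE_NID` would also help, e.g. `/* tls-server-end-point needs X509_get_signature_nid(); without it this channel binding type is unavailable */`. The function body spans several hunks and parts of it are not shown here.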

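--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -681,6 +681,9 @@
 /* Define to 1 if you have the <winldap.h> header file. */
 #undef HAVE_WINLDAP_H
 
+/* Define to 1 if you have the `X509_get_signature_nid' function. */
+#undef HAVE_X509_GET_SIGNATURE_NID
+
 /* Define to 1 if your compiler understands __builtin_bswap16. */
 #undef HAVE__BUILTIN_BSWAP16
 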
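--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -58,7 +58,6 @@
 #ifdefUSE_SSL_ENGINE
 #include<openssl/engine.h>
 #endif
-#include<openssl/x509.h>
 #include<openssl/x509v3.h>
 
 staticboolverify_peer_name_matches_certificate(PGconn*);
@@ -430,6 +429,7 @@ pgtls_get_finished(PGconn *conn, size_t *len)
 char*
 pgtls_get_peer_certificate_hash(PGconn*conn,size_t*len)
 {
+#ifdefHAVE_X509_GET_SIGNATURE_NID
 X509*peer_cert;
 constEVP_MD*algo_type;
 unsignedcharhash[EVP_MAX_MD_SIZE];/* size for SHA-512 */
@@ -448,7 +448,7 @@ pgtls_get_peer_certificate_hash(PGconn *conn, size_t *len)
 * Get the signature algorithm of the certificate to determine the hash
 * algorithm to use for the result.
 */
-if (!OBJ_find_sigid_algs(OBJ_obj2nid(peer_cert->sig_alg->algorithm),
+if (!OBJ_find_sigid_algs(X509_get_signature_nid(peer_cert),
 &algo_nid,NULL))
 {
 printfPQExpBuffer(&conn->errorMessage,
@@ -499,6 +499,11 @@ pgtls_get_peer_certificate_hash(PGconn *conn, size_t *len)
 *len=hash_size;
 
 returncert_hash;
+#else
+printfPQExpBuffer(&conn->errorMessage,
+libpq_gettext("channel binding type \"tls-server-end-point\" is not supported by this build\n"));
+returnNULL;
+#endif
 }
 
 /* ------------------------------------------------------------ */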
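Review bot: The `#else` branch of pgtls_get_peer_certificate_hash returns NULL without writing `*len`, so a caller that reads the length before checking the pointer would see an indeterminate value. If the enabled path initialises the output before its early returns (that part is outside the visible hunks), the fallback should match it with `*len = 0;` ahead of the `printfPQExpBuffer` call. The failure also surfaces only once the hash is requested, so it is worth confirming that the caller reports conn->errorMessage and aborts rather than continuing without channel binding; the caller is not shown on this page.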
