Commit4e6f101

committed
Fix compilation with older OpenSSL versions
Some older OpenSSL versions (0.9.8 branch) define TLS*_VERSION macros but not the corresponding SSL_OP_NO_* macro, which causes the code for handling ssl_min_protocol_version/ssl_max_protocol_version to fail to compile. To fix, add more #ifdefs and error handling.

Reported-by: Victor Wagner <vitus@wagner.pp.ru>
Reviewed-by: Michael Paquier <michael@paquier.xyz>
Discussion: https://www.postgresql.org/message-id/flat/20190924101859.09383b4f%40fafnir.local.vm
1 parent4ea03f3 commit4e6f101


1 file changed

+46
-2
lines changed

1 file changed

+46
-2
lines changed

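--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -198,7 +198,12 @@ be_tls_init(bool isServerStart)
 
 if (ssl_ver==-1)
 gotoerror;
-SSL_CTX_set_min_proto_version(context,ssl_ver);
+if (!SSL_CTX_set_min_proto_version(context,ssl_ver))
+{
+ereport(isServerStart ?FATAL :LOG,
+(errmsg("could not set minimum SSL protocol version")));
+gotoerror;
+}
 }
 
 if (ssl_max_protocol_version)
@@ -209,7 +214,12 @@ be_tls_init(bool isServerStart)
 
 if (ssl_ver==-1)
 gotoerror;
-SSL_CTX_set_max_proto_version(context,ssl_ver);
+if (!SSL_CTX_set_max_proto_version(context,ssl_ver))
+{
+ereport(isServerStart ?FATAL :LOG,
+(errmsg("could not set maximum SSL protocol version")));
+gotoerror;
+}
 }
 
 /* disallow SSL session tickets */
@@ -1326,13 +1336,30 @@ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version)
 
 if (version>TLS1_VERSION)
 ssl_options |=SSL_OP_NO_TLSv1;
+/*
+* Some OpenSSL versions define TLS*_VERSION macros but not the
+* corresponding SSL_OP_NO_* macro, so in those cases we have to return
+* unsuccessfully here.
+*/
 #ifdefTLS1_1_VERSION
 if (version>TLS1_1_VERSION)
+{
+#ifdefSSL_OP_NO_TLSv1_1
 ssl_options |=SSL_OP_NO_TLSv1_1;
+#else
+return0;
+#endif
+}
 #endif
 #ifdefTLS1_2_VERSION
 if (version>TLS1_2_VERSION)
+{
+#ifdefSSL_OP_NO_TLSv1_2
 ssl_options |=SSL_OP_NO_TLSv1_2;
+#else
+return0;
+#endif
+}
 #endif
 
 SSL_CTX_set_options(ctx,ssl_options);
@@ -1347,13 +1374,30 @@ SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version)
 
 AssertArg(version!=0);
 
+/*
+* Some OpenSSL versions define TLS*_VERSION macros but not the
+* corresponding SSL_OP_NO_* macro, so in those cases we have to return
+* unsuccessfully here.
+*/
 #ifdefTLS1_1_VERSION
 if (version<TLS1_1_VERSION)
+{
+#ifdefSSL_OP_NO_TLSv1_1
 ssl_options |=SSL_OP_NO_TLSv1_1;
+#else
+return0;
+#endif
+}
 #endif
 #ifdefTLS1_2_VERSION
 if (version<TLS1_2_VERSION)
+{
+#ifdefSSL_OP_NO_TLSv1_2
 ssl_options |=SSL_OP_NO_TLSv1_2;
+#else
+return0;
+#endif
+}
 #endif
 
 SSL_CTX_set_options(ctx,ssl_options);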
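Review bot: The two new `ereport` calls in be_tls_init report only "could not set minimum SSL protocol version" / "could not set maximum SSL protocol version", with neither the reason nor the requested value, although the compat shims further down return 0 precisely when the linked OpenSSL lacks the needed `SSL_OP_NO_*` option. When `isServerStart` is false the failure is raised at `LOG` and control jumps to `error`; that label is outside the visible hunks, but if the previously loaded context stays in use, a tightened `ssl_min_protocol_version` would not take effect and this one log line is the only sign of it. I would add a detail to both reports, for example `errdetail("The OpenSSL library in use may not support the configured protocol version.")`, so an operator can tell a library limitation from a misconfiguration. be_tls_init and both shim functions begin and end outside the hunks, so the surrounding error path should be confirmed against the full file.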
