NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit7ad544f

committed

Fix handling of OpenSSL's SSL_clear_options

This function is supported down to OpenSSL 0.9.8, which is the oldestversion supported since 593d4e4 (from Postgres 10 onwards), and is usedsincee3bdb2d (from 11 onwards). It is defined as a macro from OpenSSL0.9.8 to 1.0.2, and as a function in 1.1.0 and newer versions. However,the configure check present is only adapted for functions. So, even ifthe code would be able to compile, configure fails to detect the macro,causing it to be ignored when compiling the code with OpenSSL from 0.9.8to 1.0.2.The code needs a configure check as pera364dfa, which has fixed acompilation issue with a past version of LibreSSL in NetBSD 5.1. OnHEAD, just remove the configure check as the last release of NetBSD 5 isfrom 2014 (and we have no more buildfarm members for it). In 11 and 12,improve the configure logic so as both macros and functions arecorrectly detected. This makes NetBSD 5 still work on already-releasedbranches, but not for 13 onwards.The patch for HEAD is from me, and Daniel has written the version to usefor the back-branches.Author: Michael Paquier, Daniel GustaffsonReviewed-by: Tom LaneDiscussion:https://postgr.es/m/20191205083252.GE5064@paquier.xyzDiscussion:https://postgr.es/m/98F7F99E-1129-41D8-B86B-FE3B1E286881@yesql.seBackpatch-through: 11

1 parent267eb95 commit7ad544fCopy full SHA for 7ad544f

File tree

2 files changed

+53

-2

lines changed

2 files changed

+53

-2

lines changed

`‎configure`

Lines changed: 38 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -11786,7 +11786,7 @@ else`
`11786`	`11786`	`fi`
`11787`	`11787`
`11788`	`11788`	`fi`
`11789`		`- for ac_func inSSL_clear_optionsSSL_get_current_compression X509_get_signature_nid`
	`11789`	`+ for ac_func in SSL_get_current_compression X509_get_signature_nid`
`11790`	`11790`	`do :`
`11791`	`11791`	as_ac_var=`$as_echo "ac_cv_func_$ac_func" \| $as_tr_sh`
`11792`	`11792`	`ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"`
`@@ -11829,6 +11829,43 @@ _ACEOF`
`11829`	`11829`	`fi`
`11830`	`11830`	`done`
`11831`	`11831`
	`11832`	`+ # SSL_clear_options is a macro in OpenSSL from 0.9.8 to 1.0.2, and`
	`11833`	`+ # a function from 1.1.0 onwards so we cannot use AC_CHECK_FUNCS.`
	`11834`	`+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_clear_options" >&5`
	`11835`	`+$as_echo_n "checking for SSL_clear_options... " >&6; }`
	`11836`	`+if ${ac_cv_func_ssl_clear_options+:} false; then :`
	`11837`	`+ $as_echo_n "(cached) " >&6`
	`11838`	`+else`
	`11839`	`+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext`
	`11840`	`+/* end confdefs.h. */`
	`11841`	`+`
	`11842`	`+ #include <openssl/ssl.h>`
	`11843`	`+ #include <openssl/bio.h>`
	`11844`	`+ SSL *ssl;`
	`11845`	`+`
	`11846`	`+int`
	`11847`	`+main ()`
	`11848`	`+{`
	`11849`	`+return SSL_clear_options(ssl, 0);`
	`11850`	`+ ;`
	`11851`	`+ return 0;`
	`11852`	`+}`
	`11853`	`+_ACEOF`
	`11854`	`+if ac_fn_c_try_link "$LINENO"; then :`
	`11855`	`+ ac_cv_func_ssl_clear_options=yes`
	`11856`	`+else`
	`11857`	`+ ac_cv_func_ssl_clear_options=no`
	`11858`	`+fi`
	`11859`	`+rm -f core conftest.err conftest.$ac_objext \`
	`11860`	`+ conftest$ac_exeext conftest.$ac_ext`
	`11861`	`+fi`
	`11862`	`+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_ssl_clear_options" >&5`
	`11863`	`+$as_echo "$ac_cv_func_ssl_clear_options" >&6; }`
	`11864`	`+ if test $ac_cv_func_ssl_clear_options = yes ; then`
	`11865`	`+`
	`11866`	`+$as_echo "#define HAVE_SSL_CLEAR_OPTIONS 1" >>confdefs.h`
	`11867`	`+`
	`11868`	`+ fi`
`11832`	`11869`	`fi`
`11833`	`11870`
`11834`	`11871`	`if test "$with_pam" = yes ; then`

`‎configure.in`

Lines changed: 15 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1203,7 +1203,7 @@ if test "$with_openssl" = yes ; then`
`1203`	`1203`	`AC_SEARCH_LIBS(CRYPTO_new_ex_data, [eay32 crypto], [], [AC_MSG_ERROR([library 'eay32' or 'crypto' is required for OpenSSL])])`
`1204`	`1204`	`AC_SEARCH_LIBS(SSL_new, [ssleay32 ssl], [], [AC_MSG_ERROR([library 'ssleay32' or 'ssl' is required for OpenSSL])])`
`1205`	`1205`	`fi`
`1206`		`- AC_CHECK_FUNCS([SSL_clear_optionsSSL_get_current_compression X509_get_signature_nid])`
	`1206`	`+ AC_CHECK_FUNCS([SSL_get_current_compression X509_get_signature_nid])`
`1207`	`1207`	`# Functions introduced in OpenSSL 1.1.0. We used to check for`
`1208`	`1208`	`# OPENSSL_VERSION_NUMBER, but that didn't work with 1.1.0, because LibreSSL`
`1209`	`1209`	`# defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it`
`@@ -1214,6 +1214,20 @@ if test "$with_openssl" = yes ; then`
`1214`	`1214`	`# thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()`
`1215`	`1215`	`# function was removed.`
`1216`	`1216`	`AC_CHECK_FUNCS([CRYPTO_lock])`
	`1217`	`+ # SSL_clear_options is a macro in OpenSSL from 0.9.8 to 1.0.2, and`
	`1218`	`+ # a function from 1.1.0 onwards so we cannot use AC_CHECK_FUNCS.`
	`1219`	`+ AC_CACHE_CHECK([for SSL_clear_options], ac_cv_func_ssl_clear_options,`
	`1220`	`+ [AC_LINK_IFELSE([AC_LANG_PROGRAM([`
	`1221`	`+ #include <openssl/ssl.h>`
	`1222`	`+ #include <openssl/bio.h>`
	`1223`	`+ SSL *ssl;`
	`1224`	`+ ],`
	`1225`	`+ [return SSL_clear_options(ssl, 0);])],`
	`1226`	`+ [ac_cv_func_ssl_clear_options=yes],`
	`1227`	`+ [ac_cv_func_ssl_clear_options=no])])`
	`1228`	`+ if test $ac_cv_func_ssl_clear_options = yes ; then`
	`1229`	`+ AC_DEFINE(HAVE_SSL_CLEAR_OPTIONS, 1, [Define to 1 if you have SSL_clear_options()])`
	`1230`	`+ fi`
`1217`	`1231`	`fi`
`1218`	`1232`
`1219`	`1233`	`if test "$with_pam" = yes ; then`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit7ad544f

File tree

2 files changed

2 files changed

`‎configure`

`‎configure.in`

0 commit comments