Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit7d0bcb0

Browse files
committed
Fix handling of OpenSSL's SSL_clear_options
This function is supported down to OpenSSL 0.9.8, which is the oldestversion supported since 593d4e4 (from Postgres 10 onwards), and is usedsincee3bdb2d (from 11 onwards). It is defined as a macro from OpenSSL0.9.8 to 1.0.2, and as a function in 1.1.0 and newer versions. However,the configure check present is only adapted for functions. So, even ifthe code would be able to compile, configure fails to detect the macro,causing it to be ignored when compiling the code with OpenSSL from 0.9.8to 1.0.2.The code needs a configure check as pera364dfa, which has fixed acompilation issue with a past version of LibreSSL in NetBSD 5.1. OnHEAD, just remove the configure check as the last release of NetBSD 5 isfrom 2014 (and we have no more buildfarm members for it). In 11 and 12,improve the configure logic so as both macros and functions arecorrectly detected. This makes NetBSD 5 still work on already-releasedbranches, but not for 13 onwards.The patch for HEAD is from me, and Daniel has written the version to usefor the back-branches.Author: Michael Paquier, Daniel GustaffsonReviewed-by: Tom LaneDiscussion:https://postgr.es/m/20191205083252.GE5064@paquier.xyzDiscussion:https://postgr.es/m/98F7F99E-1129-41D8-B86B-FE3B1E286881@yesql.seBackpatch-through: 11
1 parent690c880 commit7d0bcb0

File tree

5 files changed

+7
-21
lines changed

5 files changed

+7
-21
lines changed

‎configure

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -12094,13 +12094,13 @@ else
1209412094
fi
1209512095

1209612096
fi
12097-
for ac_func in SSL_clear_options X509_get_signature_nid
12097+
# Function introduced in OpenSSL 1.0.2.
12098+
for ac_func in X509_get_signature_nid
1209812099
do :
12099-
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
12100-
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
12101-
if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
12100+
ac_fn_c_check_func "$LINENO" "X509_get_signature_nid" "ac_cv_func_X509_get_signature_nid"
12101+
if test "x$ac_cv_func_X509_get_signature_nid" = xyes; then :
1210212102
cat >>confdefs.h <<_ACEOF
12103-
#define`$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
12103+
#defineHAVE_X509_GET_SIGNATURE_NID 1
1210412104
_ACEOF
1210512105

1210612106
fi

‎configure.in

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1186,7 +1186,8 @@ if test "$with_openssl" = yes ; then
11861186
AC_SEARCH_LIBS(CRYPTO_new_ex_data, [eay32 crypto], [], [AC_MSG_ERROR([library 'eay32' or 'crypto' is required for OpenSSL])])
11871187
AC_SEARCH_LIBS(SSL_new, [ssleay32 ssl], [], [AC_MSG_ERROR([library 'ssleay32' or 'ssl' is required for OpenSSL])])
11881188
fi
1189-
AC_CHECK_FUNCS([SSL_clear_options X509_get_signature_nid])
1189+
# Function introduced in OpenSSL 1.0.2.
1190+
AC_CHECK_FUNCS([X509_get_signature_nid])
11901191
# Functions introduced in OpenSSL 1.1.0. We used to check for
11911192
# OPENSSL_VERSION_NUMBER, but that didn't work with 1.1.0, because LibreSSL
11921193
# defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it

‎src/include/pg_config.h.in

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -512,9 +512,6 @@
512512
/* Define to 1 if you have the `srandom' function. */
513513
#undef HAVE_SRANDOM
514514

515-
/* Define to 1 if you have the `SSL_clear_options' function. */
516-
#undef HAVE_SSL_CLEAR_OPTIONS
517-
518515
/* Define to 1 if stdbool.h conforms to C99. */
519516
#undef HAVE_STDBOOL_H
520517

‎src/include/pg_config.h.win32

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -370,9 +370,6 @@
370370
/* Define to 1 if you have the `srandom' function. */
371371
/* #undef HAVE_SRANDOM */
372372

373-
/* Define to 1 if you have the `SSL_clear_options' function. */
374-
#define HAVE_SSL_CLEAR_OPTIONS 1
375-
376373
/* Define to 1 if stdbool.h conforms to C99. */
377374
#define HAVE_STDBOOL_H 1
378375

‎src/interfaces/libpq/fe-secure-openssl.c

Lines changed: 0 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1198,17 +1198,8 @@ initialize_SSL(PGconn *conn)
11981198
#ifdefSSL_OP_NO_COMPRESSION
11991199
if (conn->sslcompression&&conn->sslcompression[0]=='0')
12001200
SSL_set_options(conn->ssl,SSL_OP_NO_COMPRESSION);
1201-
1202-
/*
1203-
* Mainline OpenSSL introduced SSL_clear_options() before
1204-
* SSL_OP_NO_COMPRESSION, so this following #ifdef should not be
1205-
* necessary, but some old NetBSD version have a locally modified libssl
1206-
* that has SSL_OP_NO_COMPRESSION but not SSL_clear_options().
1207-
*/
1208-
#ifdefHAVE_SSL_CLEAR_OPTIONS
12091201
else
12101202
SSL_clear_options(conn->ssl,SSL_OP_NO_COMPRESSION);
1211-
#endif
12121203
#endif
12131204

12141205
return0;

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp