
Commita430c7b

committed
Fix compilation with older OpenSSL versions
Some older OpenSSL versions (0.9.8 branch) define TLS*_VERSION macros but not the corresponding SSL_OP_NO_* macro, which causes the code for handling ssl_min_protocol_version/ssl_max_protocol_version to fail to compile. To fix, add more #ifdefs and error handling.

Reported-by: Victor Wagner <vitus@wagner.pp.ru>
Reviewed-by: Michael Paquier <michael@paquier.xyz>
Discussion: https://www.postgresql.org/message-id/flat/20190924101859.09383b4f%40fafnir.local.vm
1 parent9de7ea6 commita430c7b


1 file changed

+46
-2
lines changed

1 file changed

+46
-2
lines changed

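--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -198,7 +198,12 @@ be_tls_init(bool isServerStart)
 
 if (ssl_ver==-1)
 gotoerror;
-SSL_CTX_set_min_proto_version(context,ssl_ver);
+if (!SSL_CTX_set_min_proto_version(context,ssl_ver))
+{
+ereport(isServerStart ?FATAL :LOG,
+(errmsg("could not set minimum SSL protocol version")));
+gotoerror;
+}
 }
 
 if (ssl_max_protocol_version)
@@ -209,7 +214,12 @@ be_tls_init(bool isServerStart)
 
 if (ssl_ver==-1)
 gotoerror;
-SSL_CTX_set_max_proto_version(context,ssl_ver);
+if (!SSL_CTX_set_max_proto_version(context,ssl_ver))
+{
+ereport(isServerStart ?FATAL :LOG,
+(errmsg("could not set maximum SSL protocol version")));
+gotoerror;
+}
 }
 
 /* disallow SSL session tickets */
@@ -1335,13 +1345,30 @@ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version)
 
 if (version>TLS1_VERSION)
 ssl_options |=SSL_OP_NO_TLSv1;
+/*
+* Some OpenSSL versions define TLS*_VERSION macros but not the
+* corresponding SSL_OP_NO_* macro, so in those cases we have to return
+* unsuccessfully here.
+*/
 #ifdefTLS1_1_VERSION
 if (version>TLS1_1_VERSION)
+{
+#ifdefSSL_OP_NO_TLSv1_1
 ssl_options |=SSL_OP_NO_TLSv1_1;
+#else
+return0;
+#endif
+}
 #endif
 #ifdefTLS1_2_VERSION
 if (version>TLS1_2_VERSION)
+{
+#ifdefSSL_OP_NO_TLSv1_2
 ssl_options |=SSL_OP_NO_TLSv1_2;
+#else
+return0;
+#endif
+}
 #endif
 
 SSL_CTX_set_options(ctx,ssl_options);
@@ -1356,13 +1383,30 @@ SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version)
 
 AssertArg(version!=0);
 
+/*
+* Some OpenSSL versions define TLS*_VERSION macros but not the
+* corresponding SSL_OP_NO_* macro, so in those cases we have to return
+* unsuccessfully here.
+*/
 #ifdefTLS1_1_VERSION
 if (version<TLS1_1_VERSION)
+{
+#ifdefSSL_OP_NO_TLSv1_1
 ssl_options |=SSL_OP_NO_TLSv1_1;
+#else
+return0;
+#endif
+}
 #endif
 #ifdefTLS1_2_VERSION
 if (version<TLS1_2_VERSION)
+{
+#ifdefSSL_OP_NO_TLSv1_2
 ssl_options |=SSL_OP_NO_TLSv1_2;
+#else
+return0;
+#endif
+}
 #endif
 
 SSL_CTX_set_options(ctx,ssl_options);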
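Review bot: The two new `ereport` calls in be_tls_init (first and second hunk) say only that the minimum or maximum SSL protocol version could not be set and give no cause. The one failure this commit introduces is specific: the fallback `SSL_CTX_set_min_proto_version` / `SSL_CTX_set_max_proto_version` returns 0 because the OpenSSL headers lack the matching `SSL_OP_NO_*` flag. On the non-startup path the level is LOG, so an administrator who raises `ssl_min_protocol_version` has a single terse line from which to notice that the stricter floor was rejected. What the `error` label then does with the context is outside the hunks. I would add a detail line to both reports, for example `errdetail("The OpenSSL library in use may not support the configured protocol version.")`, so the log entry is actionable.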
