diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2017-04-17 13:52:42 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2017-04-17 13:52:42 -0400 |
| commit | 4e91330daca017aeeed2a3deea646a7c9aaaa45f (patch) | |
| tree | 9fa14838b52b435fd6cd38ff4078d815930bb5a0 /src/interfaces/libpq/fe-secure.c | |
| parent | fbfeceb25362097c5552751427151a07d23b8241 (diff) | |
Support OpenSSL 1.1.0 in 9.3 and 9.2.
This commit back-patches the equivalent of the 9.5-branch commits
e2838c580 and 48e5ba61e, so that we can work with OpenSSL 1.1.0
in all supported branches.
Original patches by Andreas Karlsson and Heikki Linnakangas,
back-patching work by Andreas Karlsson.
Patch: https://postgr.es/m/0c817abb-3f7d-20fb-583a-58f7593a0bea@proxel.se
Discussion: https://postgr.es/m/5129.1492293840@sss.pgh.pa.us
Diffstat (limited to 'src/interfaces/libpq/fe-secure.c')
| -rw-r--r-- | src/interfaces/libpq/fe-secure.c | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/src/interfaces/libpq/fe-secure.c b/src/interfaces/libpq/fe-secure.c index 9e7ae472ed7..a52a2069877 100644 --- a/src/interfaces/libpq/fe-secure.c +++ b/src/interfaces/libpq/fe-secure.c @@ -58,7 +58,7 @@ #ifdef USE_SSL #include <openssl/ssl.h> -#if (SSLEAY_VERSION_NUMBER >= 0x00907000L) +#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) #include <openssl/conf.h> #endif #ifdef USE_SSL_ENGINE @@ -835,9 +835,13 @@ verify_peer_name_matches_certificate(PGconn *conn) return result; } -#ifdef ENABLE_THREAD_SAFETY +#if defined(ENABLE_THREAD_SAFETY) && defined(HAVE_CRYPTO_LOCK) /* - * Callback functions for OpenSSL internal locking + * Callback functions for OpenSSL internal locking. (OpenSSL 1.1.0 + * does its own locking, and doesn't need these anymore. The + * CRYPTO_lock() function was removed in 1.1.0, when the callbacks + * were made obsolete, so we assume that if CRYPTO_lock() exists, + * the callbacks are still required.) */ static unsigned long @@ -867,7 +871,7 @@ pq_lockingcallback(int mode, int n, const char *file, int line) PGTHREAD_ERROR("failed to unlock mutex"); } } -#endif /* ENABLE_THREAD_SAFETY */ +#endif /* ENABLE_THREAD_SAFETY && HAVE_CRYPTO_LOCK */ /* * Initialize SSL library. @@ -905,6 +909,7 @@ init_ssl_system(PGconn *conn) if (pthread_mutex_lock(&ssl_config_mutex)) return -1; +#ifdef HAVE_CRYPTO_LOCK if (pq_init_crypto_lib) { /* @@ -940,17 +945,22 @@ init_ssl_system(PGconn *conn) CRYPTO_set_locking_callback(pq_lockingcallback); } } +#endif /* HAVE_CRYPTO_LOCK */ #endif /* ENABLE_THREAD_SAFETY */ if (!ssl_lib_initialized) { if (pq_init_ssl_lib) { -#if SSLEAY_VERSION_NUMBER >= 0x00907000L +#ifdef HAVE_OPENSSL_INIT_SSL + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL); +#else +#if OPENSSL_VERSION_NUMBER >= 0x00907000L OPENSSL_config(NULL); #endif SSL_library_init(); SSL_load_error_strings(); +#endif } ssl_lib_initialized = true; } @@ -970,12 +980,13 @@ init_ssl_system(PGconn *conn) * if we had any.) * * Callbacks are only set when we're compiled in threadsafe mode, so - * we only need to remove them in this case. + * we only need to remove them in this case. They are also not needed + * with OpenSSL 1.1.0 anymore. */ static void destroy_ssl_system(void) { -#ifdef ENABLE_THREAD_SAFETY +#if defined(ENABLE_THREAD_SAFETY) && defined(HAVE_CRYPTO_LOCK) /* Mutex is created in initialize_ssl_system() */ if (pthread_mutex_lock(&ssl_config_mutex)) return; |