diff options
| author | Peter Eisentraut <peter_e@gmx.net> | 2018-03-20 16:44:52 -0400 |
|---|---|---|
| committer | Peter Eisentraut <peter_e@gmx.net> | 2018-03-20 16:44:52 -0400 |
| commit | a364dfa4ac7337743050256c6eb17b5db5430173 (patch) | |
| tree | 2ab2fedc382bea18b5e5c187b13b0942e9188737 /src | |
| parent | 3de04e4ed12d0794e87e1db2e729d126cf183a58 (diff) | |
Attempt to fix build with unusual OpenSSL versions
Since e3bdb2d92600ed45bd46aaf48309a436a9628218, libpq failed to build on
some platforms because they did not have SSL_clear_options(). Although
mainline OpenSSL introduced SSL_clear_options() after
SSL_OP_NO_COMPRESSION, so the code should have built fine, at least an
old NetBSD version (build farm "coypu" NetBSD 5.1 gcc 4.1.3 PR-20080704
powerpc) has SSL_OP_NO_COMPRESSION but no SSL_clear_options().
So add a configure check for SSL_clear_options(). If we don't find it,
skip the call. That means on such a platform one cannot *enable* SSL
compression if the built-in default is off, but that seems an unlikely
combination anyway and not very interesting in practice.
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/pg_config.h.in | 3 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-secure-openssl.c | 8 |
2 files changed, 11 insertions, 0 deletions
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in index f98f773ff02..ea3b2b6ce77 100644 --- a/src/include/pg_config.h.in +++ b/src/include/pg_config.h.in @@ -479,6 +479,9 @@ /* Define to 1 if you have the `srandom' function. */ #undef HAVE_SRANDOM +/* Define to 1 if you have the `SSL_clear_options' function. */ +#undef HAVE_SSL_CLEAR_OPTIONS + /* Define to 1 if you have the `SSL_get_current_compression' function. */ #undef HAVE_SSL_GET_CURRENT_COMPRESSION diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c index 1a35b30dbcd..2e2f1074fcb 100644 --- a/src/interfaces/libpq/fe-secure-openssl.c +++ b/src/interfaces/libpq/fe-secure-openssl.c @@ -1194,9 +1194,17 @@ initialize_SSL(PGconn *conn) #ifdef SSL_OP_NO_COMPRESSION if (conn->sslcompression && conn->sslcompression[0] == '0') SSL_set_options(conn->ssl, SSL_OP_NO_COMPRESSION); + /* + * Mainline OpenSSL introduced SSL_clear_options() before + * SSL_OP_NO_COMPRESSION, so this following #ifdef should not be + * necessary, but some old NetBSD version have a locally modified libssl + * that has SSL_OP_NO_COMPRESSION but not SSL_clear_options(). + */ +#ifdef HAVE_SSL_CLEAR_OPTIONS else SSL_clear_options(conn->ssl, SSL_OP_NO_COMPRESSION); #endif +#endif return 0; } |