diff options
| author | Michael Paquier | 2019-12-06 06:13:55 +0000 |
|---|---|---|
| committer | Michael Paquier | 2019-12-06 06:13:55 +0000 |
| commit | 7d0bcb04771764aa3023e5a5089459d40dbd5e65 (patch) | |
| tree | 8bb7cd9f61ccd3f4ca590f71bb34e5ab9476b585 /configure.in | |
| parent | 690c880269bf08dfb3f5bffb02be67e7e2a6c0f3 (diff) | |
Fix handling of OpenSSL's SSL_clear_options
This function is supported down to OpenSSL 0.9.8, which is the oldest
version supported since 593d4e4 (from Postgres 10 onwards), and is used
since e3bdb2d (from 11 onwards). It is defined as a macro from OpenSSL
0.9.8 to 1.0.2, and as a function in 1.1.0 and newer versions. However,
the configure check present is only adapted for functions. So, even if
the code would be able to compile, configure fails to detect the macro,
causing it to be ignored when compiling the code with OpenSSL from 0.9.8
to 1.0.2.
The code needs a configure check as per a364dfa, which has fixed a
compilation issue with a past version of LibreSSL in NetBSD 5.1. On
HEAD, just remove the configure check as the last release of NetBSD 5 is
from 2014 (and we have no more buildfarm members for it). In 11 and 12,
improve the configure logic so as both macros and functions are
correctly detected. This makes NetBSD 5 still work on already-released
branches, but not for 13 onwards.
The patch for HEAD is from me, and Daniel has written the version to use
for the back-branches.
Author: Michael Paquier, Daniel Gustaffson
Reviewed-by: Tom Lane
Discussion: https://postgr.es/m/[email protected]
Discussion: https://postgr.es/m/[email protected]
Backpatch-through: 11
Diffstat (limited to 'configure.in')
| -rw-r--r-- | configure.in | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/configure.in b/configure.in index 9fd9c390e6b..34aea0b4ace 100644 --- a/configure.in +++ b/configure.in @@ -1186,7 +1186,8 @@ if test "$with_openssl" = yes ; then AC_SEARCH_LIBS(CRYPTO_new_ex_data, [eay32 crypto], [], [AC_MSG_ERROR([library 'eay32' or 'crypto' is required for OpenSSL])]) AC_SEARCH_LIBS(SSL_new, [ssleay32 ssl], [], [AC_MSG_ERROR([library 'ssleay32' or 'ssl' is required for OpenSSL])]) fi - AC_CHECK_FUNCS([SSL_clear_options X509_get_signature_nid]) + # Function introduced in OpenSSL 1.0.2. + AC_CHECK_FUNCS([X509_get_signature_nid]) # Functions introduced in OpenSSL 1.1.0. We used to check for # OPENSSL_VERSION_NUMBER, but that didn't work with 1.1.0, because LibreSSL # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it |