From 4ad5e60ace01b5360a031ae75b400a565960b591 Mon Sep 17 00:00:00 2001 From: Michael Paquier Date: Thu, 5 Dec 2019 16:47:27 +0900 Subject: [PATCH 2/3] Remove configure checks for SSL_clear_options in OpenSSL This function is supported down to OpenSSL 0.9.8, which is the oldest version supported on HEAD. Note that it is defined as a macro from OpenSSL 0.9.8, where it has been introduced, to 1.0.2, and that it is a function in 1.1.0 and newer versions. --- configure | 10 +++++----- configure.in | 3 ++- src/include/pg_config.h.in | 3 --- src/include/pg_config.h.win32 | 3 --- src/interfaces/libpq/fe-secure-openssl.c | 9 --------- 5 files changed, 7 insertions(+), 21 deletions(-) diff --git a/configure b/configure index 56c4aaa95b..7cc159c332 100755 --- a/configure +++ b/configure @@ -12094,13 +12094,13 @@ else fi fi - for ac_func in SSL_clear_options X509_get_signature_nid + # Function introduced in OpenSSL 1.0.2 + for ac_func in X509_get_signature_nid do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + ac_fn_c_check_func "$LINENO" "X509_get_signature_nid" "ac_cv_func_X509_get_signature_nid" +if test "x$ac_cv_func_X509_get_signature_nid" = xyes; then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_X509_GET_SIGNATURE_NID 1 _ACEOF fi diff --git a/configure.in b/configure.in index 9fd9c390e6..d56fed1096 100644 --- a/configure.in +++ b/configure.in @@ -1186,7 +1186,8 @@ if test "$with_openssl" = yes ; then AC_SEARCH_LIBS(CRYPTO_new_ex_data, [eay32 crypto], [], [AC_MSG_ERROR([library 'eay32' or 'crypto' is required for OpenSSL])]) AC_SEARCH_LIBS(SSL_new, [ssleay32 ssl], [], [AC_MSG_ERROR([library 'ssleay32' or 'ssl' is required for OpenSSL])]) fi - AC_CHECK_FUNCS([SSL_clear_options X509_get_signature_nid]) + # Function introduced in OpenSSL 1.0.2 + AC_CHECK_FUNCS([X509_get_signature_nid]) # Functions introduced in OpenSSL 1.1.0. We used to check for # OPENSSL_VERSION_NUMBER, but that didn't work with 1.1.0, because LibreSSL # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in index 0d77f2aafd..050c48b108 100644 --- a/src/include/pg_config.h.in +++ b/src/include/pg_config.h.in @@ -512,9 +512,6 @@ /* Define to 1 if you have the `srandom' function. */ #undef HAVE_SRANDOM -/* Define to 1 if you have the `SSL_clear_options' function. */ -#undef HAVE_SSL_CLEAR_OPTIONS - /* Define to 1 if stdbool.h conforms to C99. */ #undef HAVE_STDBOOL_H diff --git a/src/include/pg_config.h.win32 b/src/include/pg_config.h.win32 index 467fb89ee6..09cedd0bda 100644 --- a/src/include/pg_config.h.win32 +++ b/src/include/pg_config.h.win32 @@ -370,9 +370,6 @@ /* Define to 1 if you have the `srandom' function. */ /* #undef HAVE_SRANDOM */ -/* Define to 1 if you have the `SSL_clear_options' function. */ -#define HAVE_SSL_CLEAR_OPTIONS 1 - /* Define to 1 if stdbool.h conforms to C99. */ #define HAVE_STDBOOL_H 1 diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c index cba81f63c0..c71da75cfd 100644 --- a/src/interfaces/libpq/fe-secure-openssl.c +++ b/src/interfaces/libpq/fe-secure-openssl.c @@ -1198,17 +1198,8 @@ initialize_SSL(PGconn *conn) #ifdef SSL_OP_NO_COMPRESSION if (conn->sslcompression && conn->sslcompression[0] == '0') SSL_set_options(conn->ssl, SSL_OP_NO_COMPRESSION); - - /* - * Mainline OpenSSL introduced SSL_clear_options() before - * SSL_OP_NO_COMPRESSION, so this following #ifdef should not be - * necessary, but some old NetBSD version have a locally modified libssl - * that has SSL_OP_NO_COMPRESSION but not SSL_clear_options(). - */ -#ifdef HAVE_SSL_CLEAR_OPTIONS else SSL_clear_options(conn->ssl, SSL_OP_NO_COMPRESSION); -#endif #endif return 0; -- 2.24.0