Compile failure with SSL

Started by Dave Page over 21 years ago, 5 messages
#1 Dave Page
dpage@vale-housing.co.uk

I think this is another one of those 'might be Win32 specific' problems.
When building on XP, with OpenSSL 0.9.7c (from the bitWalk MinGW tools),
I get the following failure:

gcc -O2 -fno-strict-aliasing -Wall -Wmissing-prototypes
-Wmissing-declarations -I../../../src/include -I./src/include/port/win32
-DEXEC_BACKEND "-I../../../src/include/port/win32" -DBUILDING_DLL -c
-o be-secure.o be-secure.c
be-secure.c: In function `initialize_SSL':
be-secure.c:653: `S_IRWXG' undeclared (first use in this function)
be-secure.c:653: (Each undeclared identifier is reported only once
be-secure.c:653: for each function it appears in.)
be-secure.c:653: `S_IRWXO' undeclared (first use in this function)
be-secure.c:654: warning: implicit declaration of function `getuid'
make[3]: *** [be-secure.o] Error 1
make[3]: Leaving directory `/cvs/pgsql/src/backend/libpq'

I have run 'make distclean' and './configure --with-openssl' to make
sure everything is consistent.

Any ideas?

Regards, Dave

#2 Dave Page
dpage@vale-housing.co.uk
In reply to: Dave Page (#1)
1 attachment(s)
Re: Compile failure with SSL

OK, looks like the error below is a Win32 thing. The patch attached
#ifdef'd out the permissions check on the private key file as it won't
work under Windows anyway (a similar check in postmaster.c has
already been ifdef'd out for the same reason).

Incidentally, the consts are also used in initdb.c where they work just
fine - can't seem to figure out where it gets them from though (must be
missing something). Normally they're in sys/stat.h, but not in mingw
(where they can only be found in glibc/sys/stat.h). Magnus also
mentioned to me that Merlin's snapshots are building fine without this
patch - dunno if he has a different version of sys/stat.h...

Anyway, regardless of that I think the patch is relevant.

Regards, Dave.

-----Original Message-----
From: pgsql-hackers-owner@postgresql.org
[mailto:pgsql-hackers-owner@postgresql.org] On Behalf Of Dave Page
Sent: 19 June 2004 23:24
To: pgsql-hackers@postgresql.org
Subject: [HACKERS] Compile failure with SSL

I think this is another one of those 'might be Win32 specific'
problems.
When building on XP, with OpenSSL 0.9.7c (from the bitWalk
MinGW tools), I get the following failure:

gcc -O2 -fno-strict-aliasing -Wall -Wmissing-prototypes
-Wmissing-declarations -I../../../src/include
-I./src/include/port/win32 -DEXEC_BACKEND
"-I../../../src/include/port/win32" -DBUILDING_DLL -c -o
be-secure.o be-secure.c
be-secure.c: In function `initialize_SSL':
be-secure.c:653: `S_IRWXG' undeclared (first use in this function)
be-secure.c:653: (Each undeclared identifier is reported only once
be-secure.c:653: for each function it appears in.)
be-secure.c:653: `S_IRWXO' undeclared (first use in this function)
be-secure.c:654: warning: implicit declaration of function `getuid'
make[3]: *** [be-secure.o] Error 1
make[3]: Leaving directory `/cvs/pgsql/src/backend/libpq'

I have run 'make distclean' and './configure --with-openssl'
to make sure everything is consistent.

Any ideas?

Regards, Dave

Attachments:

be_secure.diff (application/octet-stream)
*** src/backend/libpq/be-secure.c.orig	Sun Jun 20 21:46:04 2004
--- src/backend/libpq/be-secure.c	Sun Jun 20 21:41:52 2004
***************
*** 650,655 ****
--- 650,662 ----
  					(errcode_for_file_access(),
  				   errmsg("could not access private key file \"%s\": %m",
  						  fnbuf)));
+	/* 
+	 * As per similar check in postmaster.c:
+ 	 * XXX temporarily suppress check when on Windows, because there may not
+ 	 * be proper support for Unix-y file permissions.  Need to think of a
+ 	 * reasonable check to apply on Windows.
+ 	 */
+ #if !defined(__CYGWIN__) && !defined(WIN32)
  		if (!S_ISREG(buf.st_mode) || (buf.st_mode & (S_IRWXG | S_IRWXO)) ||
  			buf.st_uid != getuid())
  			ereport(FATAL,
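
Review bot: the `#if !defined(__CYGWIN__) && !defined(WIN32)` guard placed in front of the `if` compiles out the `S_ISREG(buf.st_mode)` test along with the permission and owner tests, although the compiler output in message #1 names only `S_IRWXG`, `S_IRWXO` and `getuid` as missing. Consider keeping the regular-file test unconditional and guarding only the `(S_IRWXG | S_IRWXO)` mask and the `buf.st_uid != getuid()` comparison. The added comment also opens with `/* ` followed by trailing whitespace and is indented one tab shallower than the `if` it describes.
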
***************
*** 657,662 ****
--- 664,670 ----
  				  errmsg("unsafe permissions on private key file \"%s\"",
  						 fnbuf),
  					 errdetail("File must be owned by the database user and must have no permissions for \"group\" or \"other\".")));
+ #endif
  
  		if (!SSL_CTX_use_PrivateKey_file(SSL_context, fnbuf, SSL_FILETYPE_PEM))
  			ereport(FATAL,
#3 Merlin Moncure
merlin.moncure@rcsonline.com
In reply to: Dave Page (#2)
Re: Compile failure with SSL

Dave Page wrote:

OK, looks like the error below is a Win32 thing. The patch attached
#ifdef'd out the permissions check on the private key file as it won't
work under Windows anyway (a similar check in postmaster.c has
already been ifdef'd out for the same reason).

Incidentally, the consts are also used in initdb.c where they work just
fine - can't seem to figure out where it gets them from though (must be
missing something). Normally they're in sys/stat.h, but not in mingw
(where they can only be found in glibc/sys/stat.h). Magnus also
mentioned to me that Merlin's snapshots are building fine without this
patch - dunno if he has a different version of sys/stat.h...

Anyway, regardless of that I think the patch is relevant.

I had made the same changes as you to be_secure...(actually, I recently
stopped doing that, I need to update the snapshot info page). The real
problem is that the SSL based connection does not receive signals while
waiting on select() like the regular connection does. IMO, the SSL
patch should not be applied until this has been resolved.

Merlin

#4 Dave Page
dpage@vale-housing.co.uk
In reply to: Merlin Moncure (#3)
Re: Compile failure with SSL

-----Original Message-----
From: Merlin Moncure [mailto:merlin.moncure@rcsonline.com]
Sent: 21 June 2004 15:40
To: Dave Page
Cc: pgsql-hackers@postgresql.org; pgsql-patches@postgresql.org
Subject: RE: [HACKERS] Compile failure with SSL

I had made the same changes as you to be_secure...(actually,
I recently stopped doing that, I need to update the snapshot
info page). The real problem is that the SSL based
connection does not receive signals while waiting on select()
like the regular connection does. IMO, the SSL patch should
not be applied until this has been resolved.

Urrgghh - no ssl support on Windows :-(. I assume this is not a trivial
thing to fix?

I'm not sure I agree with leaving the patch off though - leaving the
code intentionally broken is not a nice way to disable an unsupported
feature, especially when the patch has nothing to do with the reasons
for not including said feature.

Regards, Dave

#5 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Dave Page (#2)
Re: Compile failure with SSL

"Dave Page" <dpage@vale-housing.co.uk> writes:

OK, looks like the error below is a Win32 thing. The patch attached
#ifdef'd out the permissions check on the private key file as it won't
work under Windows anyway (a similar check in postmaster.c has
already been ifdef'd out for the same reason).

Applied.

regards, tom lane
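
The private-key permission test that the patch in message #2 compiles out on Windows, as a stand-alone POSIX program showing which files it accepts and rejects. This is an added example, not code from the thread or from PostgreSQL; the names `check_key_file`, `check_with_mode` and `key_status`, the use of `lstat`, and the temporary files under `/tmp` are assumptions of the example.

```c
/* Added example (not PostgreSQL source): the private-key permission test
 * from the be-secure.c hunk as a stand-alone POSIX program. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

typedef enum { KEY_OK, KEY_NO_ACCESS, KEY_UNSAFE } key_status;

/* Hypothetical name. Applies the three conditions visible in the patch. */
static key_status check_key_file(const char *path)
{
    struct stat buf;

    /* lstat is this example's choice: a symlink is reported as non-regular. */
    if (lstat(path, &buf) != 0)
        return KEY_NO_ACCESS;
    if (!S_ISREG(buf.st_mode) || (buf.st_mode & (S_IRWXG | S_IRWXO)) ||
        buf.st_uid != getuid())
        return KEY_UNSAFE;
    return KEY_OK;
}

/* Constructed input: a temp file under /tmp given exactly `mode`. */
static key_status check_with_mode(mode_t mode)
{
    char path[] = "/tmp/keycheck-XXXXXX";
    int fd = mkstemp(path);
    key_status st = KEY_NO_ACCESS;

    if (fd < 0)
        return st;
    if (fchmod(fd, mode) == 0)
        st = check_key_file(path);
    close(fd);
    unlink(path);
    return st;
}

int main(void)
{
    printf("0600 -> %d\n", check_with_mode(0600));
    printf("0640 -> %d\n", check_with_mode(0640));
    printf("0604 -> %d\n", check_with_mode(0604));
    printf("/tmp -> %d\n", check_key_file("/tmp"));
    return 0;
}
```

Any group or other bit, including read-only access, fails the test, as does a path that is not a regular file.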