pgsql: Only provide openssl_tls_init_hook if building with openssl

Started by Andrew Dunstanabout 6 years ago5 messagescomitters

Jump to latest

Andrew Dunstan

andrew@dunslane.net

about 6 years ago

Only provide openssl_tls_init_hook if building with openssl

This should have been protected by #ifdef USE_OPENSSL in commit
896fcdb230.

Per the real complaint this time from Daniel Gustafsson.

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/f342d7ad03e61a1cea0339cf0c5aea0d01c3b43e

Modified Files
--------------
src/include/libpq/libpq-be.h | 2 ++
1 file changed, 2 insertions(+)

Tom Lane

tgl@sss.pgh.pa.us

about 6 years ago

In reply to: Andrew Dunstan (#1)

Re: pgsql: Only provide openssl_tls_init_hook if building with openssl

Andrew Dunstan <andrew@dunslane.net> writes:

Only provide openssl_tls_init_hook if building with openssl

One or the other of these patches broke building without --with-openssl:

fe-secure.c:435: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'PQgetSSLKeyPassHook'
fe-secure.c:441: error: expected ')' before 'hook'
fe-secure.c:447: warning: no previous prototype for 'PQdefaultSSLKeyPassHook'
make[3]: *** [fe-secure.o] Error 1

regards, tom lane

Daniel Gustafsson

daniel@yesql.se

about 6 years ago

In reply to: Tom Lane (#2)

Re: pgsql: Only provide openssl_tls_init_hook if building with openssl

On 17 Apr 2020, at 22:32, Tom Lane <tgl@sss.pgh.pa.us> wrote:

Andrew Dunstan <andrew@dunslane.net> writes:

Only provide openssl_tls_init_hook if building with openssl

One or the other of these patches broke building without --with-openssl:

fe-secure.c:435: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'PQgetSSLKeyPassHook'
fe-secure.c:441: error: expected ')' before 'hook'
fe-secure.c:447: warning: no previous prototype for 'PQdefaultSSLKeyPassHook'
make[3]: *** [fe-secure.o] Error 1

fe-secure.c provides dummy implementations for non-SSL builds, and have a dummy
PQsslKeyPassHook_type implementation there. So either the dummy needs to be
removed if we want this hook OpenSSL specific as well, or the USE_OPENSSL
guards from 9e24109f1a4e4d8d1d keeping them only for openssl_tls_init_hook.

cheers ./daniel

Andrew Dunstan

andrew@dunslane.net

about 6 years ago

In reply to: Tom Lane (#2)

Re: pgsql: Only provide openssl_tls_init_hook if building with openssl

On 4/17/20 4:32 PM, Tom Lane wrote:

Andrew Dunstan <andrew@dunslane.net> writes:

Only provide openssl_tls_init_hook if building with openssl

One or the other of these patches broke building without --with-openssl:

fe-secure.c:435: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'PQgetSSLKeyPassHook'
fe-secure.c:441: error: expected ')' before 'hook'
fe-secure.c:447: warning: no previous prototype for 'PQdefaultSSLKeyPassHook'
make[3]: *** [fe-secure.o] Error 1

I am not batting 1000 today. Apologies to all.

Looks like the libpq change should be reverted. I'll double check.

cheers

andrew

--
Andrew Dunstan https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

Michael Paquier

michael@paquier.xyz

about 6 years ago

In reply to: Daniel Gustafsson (#3)

Re: pgsql: Only provide openssl_tls_init_hook if building with openssl

On Fri, Apr 17, 2020 at 10:43:11PM +0200, Daniel Gustafsson wrote:

fe-secure.c provides dummy implementations for non-SSL builds, and have a dummy
PQsslKeyPassHook_type implementation there. So either the dummy needs to be
removed if we want this hook OpenSSL specific as well, or the USE_OPENSSL
guards from 9e24109f1a4e4d8d1d keeping them only for openssl_tls_init_hook.

I was just looking at the git history and bumped into this thread. I
think Andrew got it right to revert 9e24109 with 6741cfa: these
routines should be declared and return dummy results for non-SSL
builds or applications are going to have a hard time maintaining
compatibility with libpq depending on what they link to if they get to
call those SSL new routines.

PS: Thanks for f342d7a.
--
Michael