Re: PostgreSQL12 and older versions of OpenSSL - Mailing list pgsql-hackers

From Tom Lane
Subject Re: PostgreSQL12 and older versions of OpenSSL
Date
Msg-id 22006.1569343397@sss.pgh.pa.us
Whole thread Raw
In response to Re: PostgreSQL12 and older versions of OpenSSL  (Victor Wagner <vitus@wagner.pp.ru>)
Responses Re: PostgreSQL12 and older versions of OpenSSL
List pgsql-hackers
Victor Wagner <vitus@wagner.pp.ru> writes:
> I'm attaching patch which uses solution mentioned above.
> It seems that chedk for SSL_OP_NO_TLSvX_Y is redundant if 
> we are checking for TLS_MAX_VERSION.

One thing I'm wondering is if it's safe to assume that TLS_MAX_VERSION
will be defined whenever these other symbols are.  Looking in an
0.9.8x install tree, that doesn't seem to define any of them; while
in 1.0.1e I see

./tls1.h:#define TLS1_1_VERSION                 0x0302
./tls1.h:#define TLS1_2_VERSION                 0x0303
./tls1.h:#define TLS_MAX_VERSION                        TLS1_2_VERSION

So the patch seems okay for these two versions, but I have no data about
intermediate OpenSSL versions.

BTW, the spacing in this patch seems rather random.

            regards, tom lane



pgsql-hackers by date:

Previous
From: Robert Haas
Date:
Subject: Re: Unwanted expression simplification in PG12b2
Next
From: Robert Haas
Date:
Subject: Re: log message in proto.c