Home > mailing lists

Re: PostgreSQL12 and older versions of OpenSSL - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: PostgreSQL12 and older versions of OpenSSL
Date	September 24, 2019 19:43:17
Msg-id	22006.1569343397@sss.pgh.pa.us Whole thread Raw
In response to	Re: PostgreSQL12 and older versions of OpenSSL (Victor Wagner <vitus@wagner.pp.ru>)
Responses	Re: PostgreSQL12 and older versions of OpenSSL
List	pgsql-hackers

Tree view

Victor Wagner <vitus@wagner.pp.ru> writes:
> I'm attaching patch which uses solution mentioned above.
> It seems that chedk for SSL_OP_NO_TLSvX_Y is redundant if 
> we are checking for TLS_MAX_VERSION.

One thing I'm wondering is if it's safe to assume that TLS_MAX_VERSION
will be defined whenever these other symbols are.  Looking in an
0.9.8x install tree, that doesn't seem to define any of them; while
in 1.0.1e I see

./tls1.h:#define TLS1_1_VERSION                 0x0302
./tls1.h:#define TLS1_2_VERSION                 0x0303
./tls1.h:#define TLS_MAX_VERSION                        TLS1_2_VERSION

So the patch seems okay for these two versions, but I have no data about
intermediate OpenSSL versions.

BTW, the spacing in this patch seems rather random.

            regards, tom lane

pgsql-hackers by date:

From: Robert Haas
Date: 24 September 2019, 19:01:42
Subject: Re: Unwanted expression simplification in PG12b2

From: Robert Haas
Date: 24 September 2019, 20:15:59
Subject: Re: log message in proto.c

Re: PostgreSQL12 and older versions of OpenSSL - Mailing list pgsql-hackers

Previous

Next