On 2024-06-08 Sa 06:22, Imran Zaheer wrote:
> I was able to reproduce the gssapi & openssl error on windows. I tried
> on PG16 with msvc build system and on PG17 with meson build system.
> The error was reproducible when enabling both openssl and gssapi from
> the configurations. Turns out that it was due to the conflicting
> macros.
>
>
> "be-secure-openssl.c" tries to prevent this conflict here [1]. But the
> error again appears when gssapi is enabled. The file
> "be-secure-openssl.c" fails to compile because it has a similar
> scenario as explained here [2]. The header libpq.h is indirectly
> including libpq-be.h which has a wrong order of including openssl
> headers. Header "gssapi.h" indirectly includes "wincrypt.h" and
> openssl header should be defined after gssapi includes.
>
> Now this can either be solved by just just undefine the macro defined
> by wincrypt.h as done here [3]
> ```
> #ifdef X509_NAME
> #undef X509_NAME
> #endif
> ```
>
> Or we should rearrange our headers. Openssl header should be at the
> bottom (after the gssapi includes).
>
>
> I am attaching the patch here in which I rearranged the openssl header
> in libpq-be.h
>
>
> [1]:
https://github.com/postgres/postgres/blob/8ba34c698d19450ccae9a5aea59a6d0bc8b75c0e/src/backend/libpq/be-secure-openssl.c#L46
> [2]: https://github.com/openssl/openssl/issues/10307#issuecomment-964155382
> [3]:
https://github.com/postgres/postgres/blob/00ac25a3c365004821e819653c3307acd3294818/contrib/sslinfo/sslinfo.c#L29
>
>
Let's be consistent and use the #undef from [3]. I did find the comment
in sslinfo.c slightly confusing until I understood that this was a
#define clashing with a typedef.
cheers
andrew
--
Andrew Dunstan
EDB: https://www.enterprisedb.com
