Re: OpenSSL 1.1 breaks configure and more - Mailing list pgsql-hackers
| From | Heikki Linnakangas |
|---|---|
| Subject | Re: OpenSSL 1.1 breaks configure and more |
| Date | |
| Msg-id | 322ff387-0255-4e87-a9a3-4a9f788be0bc@iki.fi Whole thread Raw |
| In response to | Re: OpenSSL 1.1 breaks configure and more (Heikki Linnakangas <hlinnaka@iki.fi>) |
| Responses |
Re: OpenSSL 1.1 breaks configure and more
(Tom Lane <tgl@sss.pgh.pa.us>)
Re: OpenSSL 1.1 breaks configure and more (Rémi Zara <remi_zara@mac.com>) |
| List | pgsql-hackers |
On 08/29/2016 08:22 PM, Heikki Linnakangas wrote: > On 08/27/2016 05:15 PM, Peter Eisentraut wrote: >> On 8/26/16 9:26 PM, Andreas Karlsson wrote: >>> I have attached a patch which removes the < 0.9.8 compatibility code. >>> Should we also add a version check to configure? We do not have any such >>> check currently. >> >> I think that is not necessary. > > I was going to change the configure test to check for a different > function that we use, that's only present in 0.9.8 and later. But the > only such functions were related to ECDH, and the use of those functions > is inside "#ifndef OPENSSL_NO_ECDH", so they're not suitable for the > autoconf test. So I gave up. If you try to build with 0.9.7, you'll get > compilation errors because of those ECDH symbols, and with 0.9.6, > probably on some other symbols. > > Pushed with some small doc fixes, thanks Andreas! I'll continue > reviewing the rest of the patches. Buildfarm animals "locust" and "prairiedog" are not happy with this. They seem to be using OpenSSL 0.9.7, as they failed with errors related to those ECDH calls: be-secure-openssl.c: In function 'initialize_ecdh': be-secure-openssl.c:978: error: 'EC_KEY' undeclared (first use in this function) be-secure-openssl.c:978: error: (Each undeclared identifier is reported only once be-secure-openssl.c:978: error: for each function it appears in.) be-secure-openssl.c:978: error: 'ecdh' undeclared (first use in this function) be-secure-openssl.c:979: warning: ISO C90 forbids mixed declarations and code be-secure-openssl.c:986: warning: implicit declaration of function 'EC_KEY_new_by_curve_name' be-secure-openssl.c:991: error: 'SSL_OP_SINGLE_ECDH_USE' undeclared (first use in this function) be-secure-openssl.c:992: warning: implicit declaration of function 'SSL_CTX_set_tmp_ecdh' be-secure-openssl.c:993: warning: implicit declaration of function 'EC_KEY_free' I only now noticed that Tom said upthread that he still has a buildfarm critter using 0.9.7 (that's prairiedog). Sorry for the breakage. It would be easy to put the version check back to still support 0.9.7, most of the changes in this commit was thanks to removing support for 0.9.6. But that'd complicate the upcoming 1.1.0 support patch slightly, so let's stick to the plan and drop the support for <= 0.9.7 Tom, Rémi, can you fix locust and prairiedog, please, by updating OpenSSL or removing --with-openssl? - Heikki
pgsql-hackers by date: