Re: Missing include in be-secure-openssl.c? - Mailing list pgsql-hackers

From Daniel Gustafsson
Subject Re: Missing include in be-secure-openssl.c?
Date
Msg-id 3C44D869-9BA5-4D02-9812-BF85D105B315@yesql.se
Whole thread Raw
In response to Re: Missing include in be-secure-openssl.c?  (Michael Paquier <michael@paquier.xyz>)
Responses Re: Missing include in be-secure-openssl.c?
List pgsql-hackers
> On 1 Nov 2021, at 06:27, Michael Paquier <michael@paquier.xyz> wrote:
> On Sun, Oct 31, 2021 at 06:45:47PM -0400, Tom Lane wrote:

>> Anyway, I propose adding that #include.
>
> openssl/ssl.h includes openssl/x509.h if OPENSSL_NO_DEPRECATED_1_1_0
> is not defined, but agreed that adding the header makes sense here.

It does make sense, but it's a bit worrisome that the indirect inclusion no
longer works as there is no obvious explanation as to why.  Looking at the
headers in supported versions, the only real difference would be that 3.0.0 now
defines #pragma once.  For that to matter though it would mean it was included
in the compilation unit before OPENSSL_API_COMPAT is defined from pg_config.h
(or something entirely else as #pragma once is problematic and compiler
dependent).

Knowing the version used in hamerkop before and after (assuming it changed)
would be quite interesting.

> x509v3.h includes x509.h, so fe-secure-openssl.h would not need an
> update.  Now could it be a better practice to include both there?

Judging by OpenSSL, including both is common practice unless the module only
deals with v3 extensions. Following that lead seems reasonable.

--
Daniel Gustafsson        https://vmware.com/




pgsql-hackers by date:

Previous
From: Alexander Pyhalov
Date:
Subject: Re: Partial aggregates pushdown
Next
From: Tomas Vondra
Date:
Subject: Re: Added schema level support for publication.