Re: Update minimum SSL version - Mailing list pgsql-hackers

From Daniel Gustafsson
Subject Re: Update minimum SSL version
Date
Msg-id 3C636E88-44C7-40C6-ABA3-1B236E0A74DE@yesql.se
Whole thread Raw
In response to Re: Update minimum SSL version  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Update minimum SSL version
List pgsql-hackers
> On 5 Dec 2019, at 15:50, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> Daniel Gustafsson <daniel@yesql.se> writes:
>>> On 5 Dec 2019, at 02:48, Michael Paquier <michael@paquier.xyz> wrote:
>>> So it seems to me that we are able to correctly
>>> detect the presence of this function in the configure checks if
>>> building with 1.1.0~, but not other versions.
>
>> Yes, we can't use AC_CHECK_FUNCS but would need to use AC_COMPILE_IFELSE (or a
>> similar check) in order to detect the macro.
>
> configure already has a similar issue for isinf().  (I thought there
> were more cases, actually, but I don't see another right now.)
> We could just duplicate that logic, or maybe it's time to wrap it
> up in an autoconf macro?
>
>> Yes, if we're dropping older versions such that all supported versions have the
>> function, then keeping the autoconf check would be quite pointless.
>
> True as far as HEAD goes.

Good point.

> What I'd like to know is whether not
> realizing that SSL_clear_options is present causes any functional
> issues that would justify back-patching a fix.

ISTM that SSL_clear_options is required for turning on compression.  Since
compression was introduced in 1.0.0 and SSL_clear_options was turned into a
function in 1.1.0, it affects 1.0.0, 1.0.1 and 1.0.2 with the latter two being
quite heavily used.  I'm not sure how common it is to enable compression, and
especially how common it is post-CRIME, but since the option is there it seems
silly for it not to work with highly common library versions.  Removing the
check only affects NetBSD 5, but breaking compilation in a stable release, even
for a rare OS, is I assume/hope a no-no.  So thats a +1 from me for back-
patching a fix, while removing the check altogether in master.

The attached converts the check to use AC_LINK_IFELSE, in order to detect the
macro as well as the function (the compiled code is omitted for readability).
The patch is against master, but the check applies against backbranches except
for the AC_CHECK_FUNCS hunk which need tailoring per backbranch.  I didn't
convert it to an autoconf macro, as there are only two callers in the
backbranches and it won't go into HEAD.

cheers ./daniel


Attachment

pgsql-hackers by date:

Previous
From: Andres Freund
Date:
Subject: Re: Memory-Bounded Hash Aggregation
Next
From: Daniel Gustafsson
Date:
Subject: Re: Misleading comment in pg_upgrade.c