Thread: pgsql: Don't try to compile SSL CRL support if local SSL installation
pgsql: Don't try to compile SSL CRL support if local SSL installation
From
tgl@postgresql.org (Tom Lane)
Date:
Log Message: ----------- Don't try to compile SSL CRL support if local SSL installation hasn't got it. Per buildfarm failure on 'canary'. Modified Files: -------------- pgsql/src/backend/libpq: be-secure.c (r1.66 -> r1.67) (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/libpq/be-secure.c.diff?r1=1.66&r2=1.67)
On Thu, 4 May 2006, Tom Lane wrote: > Log Message: > ----------- > Don't try to compile SSL CRL support if local SSL installation hasn't > got it. Per buildfarm failure on 'canary'. > It seems a little bit dangerous to just not check the CRL without so much as a warning message. CRL support came around in openssl 0.9.7 which was quite some time ago. Last time we discussed[1] this it looked like the 0.9.6 branch was still being maintained, but it's been over two years since the last 0.9.6 release[2]. I'd suggest de-supporting 0.9.6 or some sort of log message if there is a CRL file that we're not going to check. Kris Jurka [1] http://archives.postgresql.org/pgsql-committers/2005-07/msg00194.php [2] http://www.openssl.org/news/
Kris Jurka <books@ejurka.com> writes: > On Thu, 4 May 2006, Tom Lane wrote: >> Don't try to compile SSL CRL support if local SSL installation hasn't >> got it. Per buildfarm failure on 'canary'. > It seems a little bit dangerous to just not check the CRL without so much > as a warning message. [ shrug... ] Anyone who's running openssl 0.9.6, or whatever that is on canary, isn't expecting CRL support anyway. And all I did is restore the behavior we've had for lo these past many years. regards, tom lane