Thread: pgsql: Don't try to compile SSL CRL support if local SSL installation
pgsql: Don't try to compile SSL CRL support if local SSL installation
From
tgl@postgresql.org (Tom Lane)
Date:
Log Message:
-----------
Don't try to compile SSL CRL support if local SSL installation hasn't
got it. Per buildfarm failure on 'canary'.
Modified Files:
--------------
pgsql/src/backend/libpq:
be-secure.c (r1.66 -> r1.67)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/libpq/be-secure.c.diff?r1=1.66&r2=1.67)
On Thu, 4 May 2006, Tom Lane wrote: > Log Message: > ----------- > Don't try to compile SSL CRL support if local SSL installation hasn't > got it. Per buildfarm failure on 'canary'. > It seems a little bit dangerous to just not check the CRL without so much as a warning message. CRL support came around in openssl 0.9.7 which was quite some time ago. Last time we discussed[1] this it looked like the 0.9.6 branch was still being maintained, but it's been over two years since the last 0.9.6 release[2]. I'd suggest de-supporting 0.9.6 or some sort of log message if there is a CRL file that we're not going to check. Kris Jurka [1] http://archives.postgresql.org/pgsql-committers/2005-07/msg00194.php [2] http://www.openssl.org/news/
Kris Jurka <books@ejurka.com> writes:
> On Thu, 4 May 2006, Tom Lane wrote:
>> Don't try to compile SSL CRL support if local SSL installation hasn't
>> got it. Per buildfarm failure on 'canary'.
> It seems a little bit dangerous to just not check the CRL without so much
> as a warning message.
[ shrug... ] Anyone who's running openssl 0.9.6, or whatever that is on
canary, isn't expecting CRL support anyway. And all I did is restore
the behavior we've had for lo these past many years.
regards, tom lane