Thread: Re: [COMMITTERS] pgsql: Support OpenSSL 1.1.0.

Heikki Linnakangas <heikki.linnakangas@iki.fi> writes:
> Support OpenSSL 1.1.0.

Buildfarm member curculio doesn't like this patch.  I suspect the reason
is it's got some slightly-too-old version of OpenSSL, but if so, we ought
to try to fix configure's probe so the problem gets reported at configure
time, not somewhere down in the build.

Mikael, what openssl version is on that box exactly?  (And could you
fix it to start building the 9.6 branch?)
        regards, tom lane

On 09/15/2016 07:41 PM, Tom Lane wrote:
> Heikki Linnakangas <heikki.linnakangas@iki.fi> writes:
>> Support OpenSSL 1.1.0.
>
> Buildfarm member curculio doesn't like this patch.  I suspect the reason
> is it's got some slightly-too-old version of OpenSSL, but if so, we ought
> to try to fix configure's probe so the problem gets reported at configure
> time, not somewhere down in the build.
>
> Mikael, what openssl version is on that box exactly?  (And could you
> fix it to start building the 9.6 branch?)

Hmm, that's odd:

> be-secure-openssl.c: In function 'my_BIO_s_socket':
> be-secure-openssl.c:732: warning: implicit declaration of function 'BIO_get_new_index'
> be-secure-openssl.c:735: warning: implicit declaration of function 'BIO_meth_new'
> be-secure-openssl.c:735: warning: assignment makes pointer from integer without a cast> ...

It looks it's taking the OpenSSL 1.1.0 codepath:

> #if OPENSSL_VERSION_NUMBER >= 0x10100000L
>         int            my_bio_index;
>
>         my_bio_index = BIO_get_new_index();
>         if (my_bio_index == -1)
>             return NULL;> ...

Wild guess: curculio is building with LibreSSL, which claims to be 
OpenSSL >= 1.1.0, but it doesn't actually implement all the functions 
that OpenSSL 1.1.0 does.

Looks like we need some more autoconf scripting to detect LibreSSL. Or 
switch to detecting the existence of individual functions, rather than 
checking the version number. That would be more autoconf-like anyway.

- Heikki

On 09/15/2016 07:51 PM, Heikki Linnakangas wrote:
> Wild guess: curculio is building with LibreSSL, which claims to be
> OpenSSL >= 1.1.0, but it doesn't actually implement all the functions
> that OpenSSL 1.1.0 does.
>
> Looks like we need some more autoconf scripting to detect LibreSSL. Or
> switch to detecting the existence of individual functions, rather than
> checking the version number. That would be more autoconf-like anyway.

I downloaded LibreSSL and I'm getting similar errors on my laptop. So 
yes, that seems to be the problem. LibreSSL defines:

> /* These will change with each release of LibreSSL-portable */
> #define LIBRESSL_VERSION_NUMBER 0x2040200fL
> #define LIBRESSL_VERSION_TEXT   "LibreSSL 2.4.2"
>
> /* These will never change */
> #define OPENSSL_VERSION_NUMBER  0x20000000L
> #define OPENSSL_VERSION_TEXT    LIBRESSL_VERSION_TEXT
> #define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT

I'm going to replace the OPENSSL_VERSION_NUMBER #ifdefs with autoconf 
AC_CHECK_FUNCS checks for the actual functions we need.

- Heikki