From 348e8294f73ede569a054c74c467bb492f689e96 Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Fri, 12 Apr 2024 13:12:17 +0200 Subject: [PATCH v7 4/5] Support SSL_R_VERSION_TOO_LOW on LibreSSL The SSL_R_VERSION_TOO_LOW error reason is supported in LibreSSL since LibreSSL 3.6.3, shipped in OpenSSL 7.2. Previously we only checked for SSL_R_VERSION_TOO_HIGH and then applied both under that guard since OpenSSL has only ever supported both at the same time. This breaks the check into one per reason to allow SSL_R_VERSION_TOO_LOW to work when using LibreSSL. Discussion: https://postgr.es/m/eac70d46-e61c-4d71-a1e1-78e2bfa19485@eisentraut.org --- src/backend/libpq/be-secure-openssl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c index efd49ffca8..59c71b15b5 100644 --- a/src/backend/libpq/be-secure-openssl.c +++ b/src/backend/libpq/be-secure-openssl.c @@ -542,6 +542,8 @@ aloop: case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION: #ifdef SSL_R_VERSION_TOO_HIGH case SSL_R_VERSION_TOO_HIGH: +#endif +#ifdef SSL_R_VERSION_TOO_LOW case SSL_R_VERSION_TOO_LOW: #endif give_proto_hint = true; -- 2.39.3 (Apple Git-146)