On 08/29/2016 08:22 PM, Heikki Linnakangas wrote:
> On 08/27/2016 05:15 PM, Peter Eisentraut wrote:
>> On 8/26/16 9:26 PM, Andreas Karlsson wrote:
>>> I have attached a patch which removes the < 0.9.8 compatibility code.
>>> Should we also add a version check to configure? We do not have any such
>>> check currently.
>>
>> I think that is not necessary.
>
> I was going to change the configure test to check for a different
> function that we use, that's only present in 0.9.8 and later. But the
> only such functions were related to ECDH, and the use of those functions
> is inside "#ifndef OPENSSL_NO_ECDH", so they're not suitable for the
> autoconf test. So I gave up. If you try to build with 0.9.7, you'll get
> compilation errors because of those ECDH symbols, and with 0.9.6,
> probably on some other symbols.
>
> Pushed with some small doc fixes, thanks Andreas! I'll continue
> reviewing the rest of the patches.

Buildfarm animals "locust" and "prairiedog" are not happy with this. They seem to be using OpenSSL 0.9.7, as they failed with errors related to those ECDH calls:

be-secure-openssl.c: In function 'initialize_ecdh':
be-secure-openssl.c:978: error: 'EC_KEY' undeclared (first use in this function)
be-secure-openssl.c:978: error: (Each undeclared identifier is reported only once
be-secure-openssl.c:978: error: for each function it appears in.)
be-secure-openssl.c:978: error: 'ecdh' undeclared (first use in this function)
be-secure-openssl.c:979: warning: ISO C90 forbids mixed declarations and code
be-secure-openssl.c:986: warning: implicit declaration of function 'EC_KEY_new_by_curve_name'
be-secure-openssl.c:991: error: 'SSL_OP_SINGLE_ECDH_USE' undeclared (first use in this function)
be-secure-openssl.c:992: warning: implicit declaration of function 'SSL_CTX_set_tmp_ecdh'
be-secure-openssl.c:993: warning: implicit declaration of function 'EC_KEY_free'

I only now noticed that Tom said upthread that he still has a buildfarm critter using 0.9.7 (that's prairiedog). Sorry for the breakage.

It would be easy to put the version check back to still support 0.9.7; most of the changes in this commit were thanks to removing support for 0.9.6. But that'd complicate the upcoming 1.1.0 support patch slightly, so let's stick to the plan and drop the support for <= 0.9.7.

Tom, Rémi, can you fix locust and prairiedog, please, by updating OpenSSL or removing --with-openssl?

- Heikki


