On Thu, Dec 1, 2016 at 11:17 AM, Andreas Karlsson <andr...@proxel.se> wrote:
> On 12/01/2016 02:48 AM, Andres Freund wrote:
>> It appears openssl has removed the public definition of EVP_CIPHER_CTX
>> leading to pgcrypto failing with:

That's not much surprising, most distributions are still on 1.0.2 as
1.1.0 has created many breakages so a bunch of projects need to patch
first. This burden may take a couple of years to sort out.

> Yes, I believe this is one of the changes in OpenSSL 1.1. I guess you might
> be the first one to try to compile with 1.1 since
> 5ff4a67f63fd6d3eb01ff9707d4674ed54a89f3b was pushed.

Yes, I can see the failure as well using 1.1.0 on my OSX laptop with
homebrew packages.

> If we do not already have it I think we should get a build farm animal with
> OpenSSL 1.1.

I would really like to do it, but ArchLinux ARM is still on 1.0.2, as
is ArchLinux :(

Finally, attached is a patch to address the failure. make check is
passing here for 1.1.0 and 1.0.2. The problem is that OpenSSL 1.1
relies on an opaque structure here so we need to have the pgcrypto
code rely on a pointer and not a direct declaration of the structure.
EVP_CIPHER_CTX_free() and EVP_CIPHER_CTX_new() have been introduced in
0.9.8 which is the oldest version supported by HEAD, and 5ff4a67f is
HEAD-only, so there is no need to back-patch here.

I am adding that to the next CF so as we don't forget about it. I'll
just switch my laptop to OpenSSL 1.1.0 by default once the issue is
fixed, homebrew has packages for 1.0.2 and 1.1.0, that's easy enough
to switch.

Attachment: pgcrypto-openssl11-fix.patch
Description: application/download

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to