>From https://dev.mysql.com/doc/refman/5.7/en/mysql-options.html o MYSQL_OPT_SSL_VERIFY_SERVER_CERT (argument type: my_bool *) This option is deprecated as of MySQL 5.7.11 and is removed in MySQL 8.0. Instead, use MYSQL_OPT_SSL_MODE with a value of SSL_MODE_VERIFY_IDENTITY.
There are some issues in case postfix builds against mariadb or percona instead mysql, because both define MYSQL_VERSION_ID >= 50711 and only mariadb also defines MARIADB_VERSION_ID. mariadb (10.2.13): #define MYSQL_VERSION_ID 100212 #define MARIADB_VERSION_ID 100212 percona (5.7.20-18): #define MYSQL_VERSION_ID 50720 Given the listed MYSQL_VERSION_ID's the following diff should be safe. --- src/global/dict_mysql.c.orig 2017-02-19 01:58:20 UTC +++ src/global/dict_mysql.c @@ -656,7 +656,11 @@ static void plmysql_connect_single(DICT_ dict_mysql->tls_key_file, dict_mysql->tls_cert_file, dict_mysql->tls_CAfile, dict_mysql->tls_CApath, dict_mysql->tls_ciphers); -#if MYSQL_VERSION_ID >= 50023 +#if MYSQL_VERSION_ID >= 80000 && !defined(MARIADB_VERSION_ID) + if (dict_mysql->tls_verify_cert != -1) + mysql_options(host->db, MYSQL_OPT_SSL_MODE, + &dict_mysql->tls_verify_cert); +#elif MYSQL_VERSION_ID >= 50023 if (dict_mysql->tls_verify_cert != -1) mysql_options(host->db, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &dict_mysql->tls_verify_cert);
--- src/global/dict_mysql.c.orig 2017-02-19 01:58:20 UTC +++ src/global/dict_mysql.c @@ -656,7 +656,11 @@ static void plmysql_connect_single(DICT_ dict_mysql->tls_key_file, dict_mysql->tls_cert_file, dict_mysql->tls_CAfile, dict_mysql->tls_CApath, dict_mysql->tls_ciphers); -#if MYSQL_VERSION_ID >= 50023 +#if MYSQL_VERSION_ID >= 80000 && !defined(MARIADB_VERSION_ID) + if (dict_mysql->tls_verify_cert != -1) + mysql_options(host->db, MYSQL_OPT_SSL_MODE, + &dict_mysql->tls_verify_cert); +#elif MYSQL_VERSION_ID >= 50023 if (dict_mysql->tls_verify_cert != -1) mysql_options(host->db, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &dict_mysql->tls_verify_cert);