Move OpenSSL routines for min/max protocol setting to src/common/ Two routines have been added in OpenSSL 1.1.0 to set the protocol bounds allowed within a given SSL context: - SSL_CTX_set_min_proto_version - SSL_CTX_set_max_proto_version
As Postgres supports OpenSSL down to 1.0.1 (as of HEAD), equivalent replacements exist in the tree, which are only available for the backend. A follow-up patch is planned to add control of the SSL protocol bounds for libpq, so move those routines to src/common/ so as libpq can use them. Author: Daniel Gustafsson Discussion: https://postgr.es/m/[email protected] Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/f7cd5896a69621818189fbdd209fb2e1fc008102 Modified Files -------------- src/backend/libpq/be-secure-openssl.c | 99 +--------------------------- src/common/Makefile | 4 +- src/common/protocol_openssl.c | 117 ++++++++++++++++++++++++++++++++++ src/include/common/openssl.h | 28 ++++++++ src/tools/msvc/Mkvcbuild.pm | 1 + 5 files changed, 150 insertions(+), 99 deletions(-)
