Re: [HACKERS] SSL compression info in psql header
On Tue, Jul 15, 2014 at 6:03 PM, Tom Lane wrote:
> Magnus Hagander writes:
>> Being a complete newbie when it comes to writing configure checks -
>> does this seem correct?
>
> Looks reasonable to me.

Thanks, I've applied it - let's hope the buildfarm is happier now.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Re: [HACKERS] SSL compression info in psql header
Magnus Hagander writes:
> Being a complete newbie when it comes to writing configure checks -
> does this seem correct?

Looks reasonable to me.

regards, tom lane

Re: [HACKERS] SSL compression info in psql header
On Tue, Jul 15, 2014 at 4:41 PM, Tom Lane wrote:
> Magnus Hagander writes:
>> Out of curiosity, since one of those boxes seems to be yours, which
>> version of OpenSSL does it actually have?
>
> Claims to be 0.9.7:
>
> cube:~ tgl$ ls -l /usr/lib/*ssl*
> -rwxr-xr-x 1 root wheel 266940 Nov 7 2010 /usr/lib/libssl.0.9.7.dylib*
> -rwxr-xr-x 1 root wheel 257700 Nov 7 2010 /usr/lib/libssl.0.9.dylib*
> lrwxr-xr-x 1 root wheel 18 Jul 1 2009 /usr/lib/libssl.dylib@ ->
> libssl.0.9.7.dylib
>
> The box evidently has "0.9" installed as well, but our build should be
> seizing on the symlink and finding 0.9.7.

Weird. It should be in that version. Either way, we clearly need a
configure check for it.

Being a complete newbie when it comes to writing configure checks -
does this seem correct?

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

*** a/configure --- b/configure *** *** 8509,8514 else --- 8509,8525 as_fn_error $? "library 'ssl' is required for OpenSSL" "$LINENO" 5 fi + for ac_func in SSL_get_current_compression + do : + ac_fn_c_check_func "$LINENO" "SSL_get_current_compression" "ac_cv_func_SSL_get_current_compression" + if test "x$ac_cv_func_SSL_get_current_compression" = xyes; then : + cat >>confdefs.h <<_ACEOF + #define HAVE_SSL_GET_CURRENT_COMPRESSION 1 + _ACEOF + + fi + done + else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing CRYPTO_new_ex_data" >&5 $as_echo_n "checking for library containing CRYPTO_new_ex_data... 
" >&6; } *** a/configure.in --- b/configure.in *** *** 950,955 if test "$with_openssl" = yes ; then --- 950,956 if test "$PORTNAME" != "win32"; then AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [], [AC_MSG_ERROR([library 'crypto' is required for OpenSSL])]) AC_CHECK_LIB(ssl,SSL_library_init, [], [AC_MSG_ERROR([library 'ssl' is required for OpenSSL])]) + AC_CHECK_FUNCS([SSL_get_current_compression]) else AC_SEARCH_LIBS(CRYPTO_new_ex_data, eay32 crypto, [], [AC_MSG_ERROR([library 'eay32' or 'crypto' is required for OpenSSL])]) AC_SEARCH_LIBS(SSL_library_init, ssleay32 ssl, [], [AC_MSG_ERROR([library 'ssleay32' or 'ssl' is required for OpenSSL])]) *** a/src/include/pg_config.h.in --- b/src/include/pg_config.h.in *** *** 430,435 --- 430,438 /* Define to 1 if you have the `srandom' function. */ #undef HAVE_SRANDOM + /* Define to 1 if you have the `SSL_get_current_compression' function. */ + #undef HAVE_SSL_GET_CURRENT_COMPRESSION + /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H *** a/src/include/pg_config.h.win32 --- b/src/include/pg_config.h.win32 *** *** 337,342 --- 337,345 /* Define to 1 if you have the `srandom' function. */ /* #undef HAVE_SRANDOM */ + /* Define to 1 if you have the `SSL_get_current_compression' function. */ + #define HAVE_SSL_GET_CURRENT_COMPRESSION 1 + /* Define to 1 if you have the header file. */ /* #undef HAVE_STDINT_H */ *** a/src/include/port.h --- b/src/include/port.h *** *** 420,425 extern void unsetenv(const char *name); --- 420,429 extern void srandom(unsigned int seed); #endif + #ifndef HAVE_SSL_GET_CURRENT_COMPRESSION + #define SSL_get_current_compression(x) 0 + #endif + /* thread.h */ extern char *pqStrerror(int errnum, char *strerrbuf, size_t buflen);

Re: [HACKERS] SSL compression info in psql header
Magnus Hagander writes:
> Out of curiosity, since one of those boxes seems to be yours, which
> version of OpenSSL does it actually have?

Claims to be 0.9.7:

cube:~ tgl$ ls -l /usr/lib/*ssl*
-rwxr-xr-x 1 root wheel 266940 Nov 7 2010 /usr/lib/libssl.0.9.7.dylib*
-rwxr-xr-x 1 root wheel 257700 Nov 7 2010 /usr/lib/libssl.0.9.dylib*
lrwxr-xr-x 1 root wheel 18 Jul 1 2009 /usr/lib/libssl.dylib@ -> libssl.0.9.7.dylib

The box evidently has "0.9" installed as well, but our build should be
seizing on the symlink and finding 0.9.7.

regards, tom lane

Re: [HACKERS] SSL compression info in psql header
On Tue, Jul 15, 2014 at 4:28 PM, Tom Lane wrote:
> Magnus Hagander writes:
>> As far as my research shows, the function
>> SSL_get_current_compression() which it uses was added in OpenSSL
>> 0.9.6, which is a long time ago (stopped being maintained in 2004).
>> AFAICT even RHEL *3* shipped with 0.9.7. So I think we can safely rely
>> on it, especially since we only check for whether it returns NULL or
>> not.
>
> The buildfarm begs to differ. I think you'll need a configure check
> for whether the function exists.

Crap. Out of curiosity, since one of those boxes seems to be yours,
which version of OpenSSL does it actually have?

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

Re: [HACKERS] SSL compression info in psql header
Magnus Hagander writes:
> As far as my research shows, the function
> SSL_get_current_compression() which it uses was added in OpenSSL
> 0.9.6, which is a long time ago (stopped being maintained in 2004).
> AFAICT even RHEL *3* shipped with 0.9.7. So I think we can safely rely
> on it, especially since we only check for whether it returns NULL or
> not.

The buildfarm begs to differ. I think you'll need a configure check
for whether the function exists.

regards, tom lane

Re: [HACKERS] SSL compression info in psql header
On Tue, Jul 15, 2014 at 1:08 AM, Robert Haas wrote:
> On Sat, Jul 12, 2014 at 8:49 AM, Magnus Hagander wrote:
>> It's today really hard to figure out if your SSL connection is
>> actually *using* SSL compression. This got extra hard when the
>> default value started getting influenced by environment variables at
>> least on many platforms after the crime attacks. ISTM we should be
>> making this easier for the user.
>>
>> Attached patch adds compression info at least to the header of the
>> psql banner, as that's very non-intrusive. I think this is a small
>> enough change, yet very useful, that we should squeeze it into 9.4
>> before the next beta. Not sure if it can be qualified enough of a bug
>> to backpatch further than that though.
>>
>> As far as my research shows, the function
>> SSL_get_current_compression() which it uses was added in OpenSSL
>> 0.9.6, which is a long time ago (stopped being maintained in 2004).
>> AFAICT even RHEL *3* shipped with 0.9.7. So I think we can safely rely
>> on it, especially since we only check for whether it returns NULL or
>> not.
>>
>> Comments?
>
> Seems like a fine change. I think it would be OK to slip it into 9.4,
> too, but I don't think we should back-patch it further than that.

Applied and backpatched to 9.4.

I also included updating the similar row that goes in the server log
(new as of 9.4) to include it, for consistency.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

Re: [HACKERS] SSL compression info in psql header
On Sat, Jul 12, 2014 at 8:49 AM, Magnus Hagander wrote:
> It's today really hard to figure out if your SSL connection is
> actually *using* SSL compression. This got extra hard when the
> default value started getting influenced by environment variables at
> least on many platforms after the crime attacks. ISTM we should be
> making this easier for the user.
>
> Attached patch adds compression info at least to the header of the
> psql banner, as that's very non-intrusive. I think this is a small
> enough change, yet very useful, that we should squeeze it into 9.4
> before the next beta. Not sure if it can be qualified enough of a bug
> to backpatch further than that though.
>
> As far as my research shows, the function
> SSL_get_current_compression() which it uses was added in OpenSSL
> 0.9.6, which is a long time ago (stopped being maintained in 2004).
> AFAICT even RHEL *3* shipped with 0.9.7. So I think we can safely rely
> on it, especially since we only check for whether it returns NULL or
> not.
>
> Comments?

Seems like a fine change. I think it would be OK to slip it into 9.4,
too, but I don't think we should back-patch it further than that.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company