On Wed, Jun 21, 2023 at 10:11:33AM +0200, Peter Eisentraut wrote: > Backpatching the OPENSSL_API_COMPAT change would set the minimum OpenSSL > version to 1.0.1, which is newer than what was so far required in those > branches. That is the reason we didn't do this.
Looking at the relevant thread from 2020, this was still at the point where we did not consider supporting 3.0 for all the stable branches because 3.0 was in alpha: https://www.postgresql.org/message-id/3d4afcfc-0930-1389-b9f7-59bdf11fb...@2ndquadrant.com However, recent fixes like cab553a have made that possible, and we do build with OpenSSL 3.0 across the whole set of stable branches. Regarding the versions of OpenSSL supported: - REL_13_STABLE requires 1.0.1 since 7b283d0e1. - REL_12_STABLE and REL_11_STABLE require 0.9.8. For 0.9.8, OPENSSL_API_COMPAT needs to be set at 0x00908000L (see upstream's CHANGES.md). So I don't see a reason not to do as suggested by Andres? I have tested the attached patches across 11~13 with various versions of OpenSSL (OPENSSL_API_COMPAT exists since 1.1.0), and this is working here. Note that I don't have a MSVC environment at hand to test this change on Windows, still `perl -cw Solution.pm` is OK with it. What do you think about the attached patch set (one for each branch)? -- Michael
From 469d8c07cfcf22245b59cfe4573a70ea1720b8c1 Mon Sep 17 00:00:00 2001 From: Peter Eisentraut <pe...@eisentraut.org> Date: Sun, 19 Jul 2020 12:14:42 +0200 Subject: [PATCH v2] Define OPENSSL_API_COMPAT This avoids deprecation warnings from newer OpenSSL versions (3.0.0 in particular). Discussion: https://www.postgresql.org/message-id/flat/FEF81714-D479-4512-839B-C769D2605F8A%40yesql.se --- src/include/pg_config.h.in | 4 ++++ src/include/pg_config.h.win32 | 4 ++++ configure | 6 +++++- configure.in | 3 +++ src/tools/msvc/Solution.pm | 10 +++++++++- 5 files changed, 25 insertions(+), 2 deletions(-) diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in index 912132dbc5..157b504ea6 100644 --- a/src/include/pg_config.h.in +++ b/src/include/pg_config.h.in @@ -778,6 +778,10 @@ /* Define bytes to use libc memset(). */ #undef MEMSET_LOOP_LIMIT +/* Define to the OpenSSL API version in use. This avoids deprecation warnings + from newer OpenSSL versions. */ +#undef OPENSSL_API_COMPAT + /* Define to the address where bug reports for this package should be sent. */ #undef PACKAGE_BUGREPORT diff --git a/src/include/pg_config.h.win32 b/src/include/pg_config.h.win32 index 9510b98216..7fa151f41b 100644 --- a/src/include/pg_config.h.win32 +++ b/src/include/pg_config.h.win32 @@ -628,6 +628,10 @@ /* Define bytes to use libc memset(). */ #define MEMSET_LOOP_LIMIT 1024 +/* Define to the OpenSSL API version in use. This avoids deprecation warnings + from newer OpenSSL versions. */ +#define OPENSSL_API_COMPAT 0x00908000L + /* Define to the address where bug reports for this package should be sent. */ #define PACKAGE_BUGREPORT "pgsql-b...@postgresql.org" diff --git a/configure b/configure index 1577cf7ad3..dae02c8687 100755 --- a/configure +++ b/configure @@ -12063,7 +12063,11 @@ fi fi if test "$with_openssl" = yes ; then - if test "$PORTNAME" != "win32"; then + # Minimum required OpenSSL version is 0.9.8 + +$as_echo "#define OPENSSL_API_COMPAT 0x00908000L" >>confdefs.h + + if test "$PORTNAME" != "win32"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CRYPTO_new_ex_data in -lcrypto" >&5 $as_echo_n "checking for CRYPTO_new_ex_data in -lcrypto... " >&6; } if ${ac_cv_lib_crypto_CRYPTO_new_ex_data+:} false; then : diff --git a/configure.in b/configure.in index 0b44e2119f..29de083fe8 100644 --- a/configure.in +++ b/configure.in @@ -1269,6 +1269,9 @@ fi if test "$with_openssl" = yes ; then dnl Order matters! + # Minimum required OpenSSL version is 0.9.8 + AC_DEFINE(OPENSSL_API_COMPAT, [0x00908000L], + [Define to the OpenSSL API version in use. This avoids deprecation warnings from newer OpenSSL versions.]) if test "$PORTNAME" != "win32"; then AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [], [AC_MSG_ERROR([library 'crypto' is required for OpenSSL])]) AC_CHECK_LIB(ssl, SSL_new, [], [AC_MSG_ERROR([library 'ssl' is required for OpenSSL])]) diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm index 984d63f5d7..c823655ed9 100644 --- a/src/tools/msvc/Solution.pm +++ b/src/tools/msvc/Solution.pm @@ -151,6 +151,8 @@ sub GenerateFiles { my $self = shift; my $bits = $self->{platform} eq 'Win32' ? 32 : 64; + my $openssl_api_compat; + my $ac_define_openssl_api_compat_found = 0; # Parse configure.in to get version numbers open(my $c, '<', "configure.in") @@ -167,10 +169,15 @@ sub GenerateFiles $self->{numver} = sprintf("%d%04d", $1, $2 ? $2 : 0); $self->{majorver} = sprintf("%d", $1); } + elsif (/\bAC_DEFINE\(OPENSSL_API_COMPAT, \[([0-9xL]+)\]/) + { + $ac_define_openssl_api_compat_found = 1; + $openssl_api_compat = $1; + } } close($c); confess "Unable to parse configure.in for all variables!" - if ($self->{strver} eq '' || $self->{numver} eq ''); + if ($self->{strver} eq '' || $self->{numver} eq '' || $ac_define_openssl_api_compat_found == 0); if (IsNewer("src/include/pg_config_os.h", "src/include/port/win32.h")) { @@ -254,6 +261,7 @@ sub GenerateFiles if ($self->{options}->{openssl}) { print $o "#define USE_OPENSSL 1\n"; + print $o "#define OPENSSL_API_COMPAT $openssl_api_compat\n"; my ($digit1, $digit2, $digit3) = $self->GetOpenSSLVersion(); -- 2.40.1
From b7d90c560c02e46ebd0ff1da1edf4140d80f56ff Mon Sep 17 00:00:00 2001 From: Peter Eisentraut <pe...@eisentraut.org> Date: Sun, 19 Jul 2020 12:14:42 +0200 Subject: [PATCH v2] Define OPENSSL_API_COMPAT This avoids deprecation warnings from newer OpenSSL versions (3.0.0 in particular). Discussion: https://www.postgresql.org/message-id/flat/FEF81714-D479-4512-839B-C769D2605F8A%40yesql.se --- src/include/pg_config.h.in | 4 ++++ src/include/pg_config.h.win32 | 4 ++++ configure | 6 +++++- configure.in | 3 +++ src/tools/msvc/Solution.pm | 10 +++++++++- 5 files changed, 25 insertions(+), 2 deletions(-) diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in index d42f78b117..457a8713cc 100644 --- a/src/include/pg_config.h.in +++ b/src/include/pg_config.h.in @@ -808,6 +808,10 @@ /* Define bytes to use libc memset(). */ #undef MEMSET_LOOP_LIMIT +/* Define to the OpenSSL API version in use. This avoids deprecation warnings + from newer OpenSSL versions. */ +#undef OPENSSL_API_COMPAT + /* Define to the address where bug reports for this package should be sent. */ #undef PACKAGE_BUGREPORT diff --git a/src/include/pg_config.h.win32 b/src/include/pg_config.h.win32 index de0eb00b91..268aa1c77d 100644 --- a/src/include/pg_config.h.win32 +++ b/src/include/pg_config.h.win32 @@ -641,6 +641,10 @@ /* Define bytes to use libc memset(). */ #define MEMSET_LOOP_LIMIT 1024 +/* Define to the OpenSSL API version in use. This avoids deprecation warnings + from newer OpenSSL versions. */ +#define OPENSSL_API_COMPAT 0x00908000L + /* Define to the address where bug reports for this package should be sent. */ #define PACKAGE_BUGREPORT "pgsql-b...@lists.postgresql.org" diff --git a/configure b/configure index f96450308d..ba8c26bd6e 100755 --- a/configure +++ b/configure @@ -12405,7 +12405,11 @@ fi fi if test "$with_openssl" = yes ; then - if test "$PORTNAME" != "win32"; then + # Minimum required OpenSSL version is 0.9.8 + +$as_echo "#define OPENSSL_API_COMPAT 0x00908000L" >>confdefs.h + + if test "$PORTNAME" != "win32"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CRYPTO_new_ex_data in -lcrypto" >&5 $as_echo_n "checking for CRYPTO_new_ex_data in -lcrypto... " >&6; } if ${ac_cv_lib_crypto_CRYPTO_new_ex_data+:} false; then : diff --git a/configure.in b/configure.in index f568a0eaec..23d9ad2804 100644 --- a/configure.in +++ b/configure.in @@ -1274,6 +1274,9 @@ fi if test "$with_openssl" = yes ; then dnl Order matters! + # Minimum required OpenSSL version is 0.9.8 + AC_DEFINE(OPENSSL_API_COMPAT, [0x00908000L], + [Define to the OpenSSL API version in use. This avoids deprecation warnings from newer OpenSSL versions.]) if test "$PORTNAME" != "win32"; then AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [], [AC_MSG_ERROR([library 'crypto' is required for OpenSSL])]) AC_CHECK_LIB(ssl, SSL_new, [], [AC_MSG_ERROR([library 'ssl' is required for OpenSSL])]) diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm index 04e417901f..20ce233af4 100644 --- a/src/tools/msvc/Solution.pm +++ b/src/tools/msvc/Solution.pm @@ -147,6 +147,8 @@ sub GenerateFiles { my $self = shift; my $bits = $self->{platform} eq 'Win32' ? 32 : 64; + my $openssl_api_compat; + my $ac_define_openssl_api_compat_found = 0; # Parse configure.in to get version numbers open(my $c, '<', "configure.in") @@ -163,10 +165,15 @@ sub GenerateFiles $self->{numver} = sprintf("%d%04d", $1, $2 ? $2 : 0); $self->{majorver} = sprintf("%d", $1); } + elsif (/\bAC_DEFINE\(OPENSSL_API_COMPAT, \[([0-9xL]+)\]/) + { + $ac_define_openssl_api_compat_found = 1; + $openssl_api_compat = $1; + } } close($c); confess "Unable to parse configure.in for all variables!" - if ($self->{strver} eq '' || $self->{numver} eq ''); + if ($self->{strver} eq '' || $self->{numver} eq '' || $ac_define_openssl_api_compat_found == 0); if (IsNewer("src/include/pg_config_os.h", "src/include/port/win32.h")) { @@ -250,6 +257,7 @@ sub GenerateFiles if ($self->{options}->{openssl}) { print $o "#define USE_OPENSSL 1\n"; + print $o "#define OPENSSL_API_COMPAT $openssl_api_compat\n"; my ($digit1, $digit2, $digit3) = $self->GetOpenSSLVersion(); -- 2.40.1
From 176865ba8a4507b90329fa223269f696967ed928 Mon Sep 17 00:00:00 2001 From: Peter Eisentraut <pe...@eisentraut.org> Date: Sun, 19 Jul 2020 12:14:42 +0200 Subject: [PATCH v2] Define OPENSSL_API_COMPAT This avoids deprecation warnings from newer OpenSSL versions (3.0.0 in particular). Discussion: https://www.postgresql.org/message-id/flat/FEF81714-D479-4512-839B-C769D2605F8A%40yesql.se --- src/include/pg_config.h.in | 4 ++++ configure | 6 +++++- configure.in | 3 +++ src/tools/msvc/Solution.pm | 10 +++++++++- 4 files changed, 21 insertions(+), 2 deletions(-) diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in index 745cca5b05..13fc4e0db6 100644 --- a/src/include/pg_config.h.in +++ b/src/include/pg_config.h.in @@ -758,6 +758,10 @@ /* Define bytes to use libc memset(). */ #undef MEMSET_LOOP_LIMIT +/* Define to the OpenSSL API version in use. This avoids deprecation warnings + from newer OpenSSL versions. */ +#undef OPENSSL_API_COMPAT + /* Define to the address where bug reports for this package should be sent. */ #undef PACKAGE_BUGREPORT diff --git a/configure b/configure index a461afffb2..83cdc390ea 100755 --- a/configure +++ b/configure @@ -12477,7 +12477,11 @@ fi fi if test "$with_openssl" = yes ; then - if test "$PORTNAME" != "win32"; then + # Minimum required OpenSSL version is 1.0.1 + +$as_echo "#define OPENSSL_API_COMPAT 0x10001000L" >>confdefs.h + + if test "$PORTNAME" != "win32"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CRYPTO_new_ex_data in -lcrypto" >&5 $as_echo_n "checking for CRYPTO_new_ex_data in -lcrypto... " >&6; } if ${ac_cv_lib_crypto_CRYPTO_new_ex_data+:} false; then : diff --git a/configure.in b/configure.in index 48ea9ad17e..85faa1e91b 100644 --- a/configure.in +++ b/configure.in @@ -1258,6 +1258,9 @@ fi if test "$with_openssl" = yes ; then dnl Order matters! + # Minimum required OpenSSL version is 1.0.1 + AC_DEFINE(OPENSSL_API_COMPAT, [0x10001000L], + [Define to the OpenSSL API version in use. This avoids deprecation warnings from newer OpenSSL versions.]) if test "$PORTNAME" != "win32"; then AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [], [AC_MSG_ERROR([library 'crypto' is required for OpenSSL])]) AC_CHECK_LIB(ssl, SSL_new, [], [AC_MSG_ERROR([library 'ssl' is required for OpenSSL])]) diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm index 54537411ab..78328e1fac 100644 --- a/src/tools/msvc/Solution.pm +++ b/src/tools/msvc/Solution.pm @@ -152,6 +152,8 @@ sub GenerateFiles my $package_bugreport; my $package_url; my ($majorver, $minorver); + my $ac_define_openssl_api_compat_found = 0; + my $openssl_api_compat; # Parse configure.in to get version numbers open(my $c, '<', "configure.in") @@ -176,10 +178,15 @@ sub GenerateFiles $majorver = sprintf("%d", $1); $minorver = sprintf("%d", $2 ? $2 : 0); } + elsif (/\bAC_DEFINE\(OPENSSL_API_COMPAT, \[([0-9xL]+)\]/) + { + $ac_define_openssl_api_compat_found = 1; + $openssl_api_compat = $1; + } } close($c); confess "Unable to parse configure.in for all variables!" - unless $ac_init_found; + unless $ac_init_found && $ac_define_openssl_api_compat_found; if (IsNewer("src/include/pg_config_os.h", "src/include/port/win32.h")) { @@ -436,6 +443,7 @@ sub GenerateFiles LOCALE_T_IN_XLOCALE => undef, MAXIMUM_ALIGNOF => 8, MEMSET_LOOP_LIMIT => 1024, + OPENSSL_API_COMPAT => $openssl_api_compat, PACKAGE_BUGREPORT => qq{"$package_bugreport"}, PACKAGE_NAME => qq{"$package_name"}, PACKAGE_STRING => qq{"$package_name $package_version"}, -- 2.40.1
signature.asc
Description: PGP signature
