From 4653d703a85019e539ba93df9655d05cc4fb56ba Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Fri, 27 Dec 2024 14:46:52 +0100 Subject: [PATCH v1] Remove support for linking with libeay32 and ssleay32 The OpenSSL project stopped using the eay names back in 2016 on platforms other than Windows, and version 1.1.0 removed the names from Windows as well. Since we now require 1.1.1 we can remove the eay variants from our tree as well. Author: Daniel Gustafsson Discussion: https://postgr.es/m/CAHrt6656W9OnFomQTHBGYDcM5CKZ7hcgzFt8L+N0ezBZfcN3zA@mail.gmail.com Discussion: https://github.com/openssl/openssl/issues/10332#issuecomment-549027653 --- configure | 123 +----------------- configure.ac | 9 +- contrib/pgcrypto/Makefile | 1 - contrib/sslinfo/Makefile | 2 +- src/interfaces/libpq/Makefile | 2 +- .../modules/ssl_passphrase_callback/Makefile | 2 +- 6 files changed, 7 insertions(+), 132 deletions(-) diff --git a/configure b/configure index 518c33b73a..bed38873bf 100755 --- a/configure +++ b/configure @@ -12334,8 +12334,7 @@ if test "$with_ssl" = openssl ; then $as_echo "#define OPENSSL_API_COMPAT 0x10101000L" >>confdefs.h - if test "$PORTNAME" != "win32"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CRYPTO_new_ex_data in -lcrypto" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CRYPTO_new_ex_data in -lcrypto" >&5 $as_echo_n "checking for CRYPTO_new_ex_data in -lcrypto... " >&6; } if ${ac_cv_lib_crypto_CRYPTO_new_ex_data+:} false; then : $as_echo_n "(cached) " >&6 @@ -12382,7 +12381,7 @@ else as_fn_error $? "library 'crypto' is required for OpenSSL" "$LINENO" 5 fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -lssl" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -lssl" >&5 $as_echo_n "checking for SSL_new in -lssl... " >&6; } if ${ac_cv_lib_ssl_SSL_new+:} false; then : $as_echo_n "(cached) " >&6 @@ -12429,124 +12428,6 @@ else as_fn_error $? "library 'ssl' is required for OpenSSL" "$LINENO" 5 fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing CRYPTO_new_ex_data" >&5 -$as_echo_n "checking for library containing CRYPTO_new_ex_data... " >&6; } -if ${ac_cv_search_CRYPTO_new_ex_data+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char CRYPTO_new_ex_data (); -int -main () -{ -return CRYPTO_new_ex_data (); - ; - return 0; -} -_ACEOF -for ac_lib in '' eay32 crypto; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_CRYPTO_new_ex_data=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_CRYPTO_new_ex_data+:} false; then : - break -fi -done -if ${ac_cv_search_CRYPTO_new_ex_data+:} false; then : - -else - ac_cv_search_CRYPTO_new_ex_data=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_CRYPTO_new_ex_data" >&5 -$as_echo "$ac_cv_search_CRYPTO_new_ex_data" >&6; } -ac_res=$ac_cv_search_CRYPTO_new_ex_data -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -else - as_fn_error $? "library 'eay32' or 'crypto' is required for OpenSSL" "$LINENO" 5 -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing SSL_new" >&5 -$as_echo_n "checking for library containing SSL_new... " >&6; } -if ${ac_cv_search_SSL_new+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char SSL_new (); -int -main () -{ -return SSL_new (); - ; - return 0; -} -_ACEOF -for ac_lib in '' ssleay32 ssl; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_SSL_new=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_SSL_new+:} false; then : - break -fi -done -if ${ac_cv_search_SSL_new+:} false; then : - -else - ac_cv_search_SSL_new=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_SSL_new" >&5 -$as_echo "$ac_cv_search_SSL_new" >&6; } -ac_res=$ac_cv_search_SSL_new -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -else - as_fn_error $? "library 'ssleay32' or 'ssl' is required for OpenSSL" "$LINENO" 5 -fi - - fi # Functions introduced in OpenSSL 1.1.1. for ac_func in SSL_CTX_set_ciphersuites do : diff --git a/configure.ac b/configure.ac index 247ae97fa4..f900edb5e9 100644 --- a/configure.ac +++ b/configure.ac @@ -1322,13 +1322,8 @@ if test "$with_ssl" = openssl ; then # Minimum required OpenSSL version is 1.1.1 AC_DEFINE(OPENSSL_API_COMPAT, [0x10101000L], [Define to the OpenSSL API version in use. This avoids deprecation warnings from newer OpenSSL versions.]) - if test "$PORTNAME" != "win32"; then - AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [], [AC_MSG_ERROR([library 'crypto' is required for OpenSSL])]) - AC_CHECK_LIB(ssl, SSL_new, [], [AC_MSG_ERROR([library 'ssl' is required for OpenSSL])]) - else - AC_SEARCH_LIBS(CRYPTO_new_ex_data, [eay32 crypto], [], [AC_MSG_ERROR([library 'eay32' or 'crypto' is required for OpenSSL])]) - AC_SEARCH_LIBS(SSL_new, [ssleay32 ssl], [], [AC_MSG_ERROR([library 'ssleay32' or 'ssl' is required for OpenSSL])]) - fi + AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [], [AC_MSG_ERROR([library 'crypto' is required for OpenSSL])]) + AC_CHECK_LIB(ssl, SSL_new, [], [AC_MSG_ERROR([library 'ssl' is required for OpenSSL])]) # Functions introduced in OpenSSL 1.1.1. AC_CHECK_FUNCS([SSL_CTX_set_ciphersuites], [], [AC_MSG_ERROR([OpenSSL version >= 1.1.1 is required for SSL support])]) # Function introduced in OpenSSL 1.0.2, not in LibreSSL. diff --git a/contrib/pgcrypto/Makefile b/contrib/pgcrypto/Makefile index 85f1c94681..84b77af867 100644 --- a/contrib/pgcrypto/Makefile +++ b/contrib/pgcrypto/Makefile @@ -61,7 +61,6 @@ endif # matter.) SHLIB_LINK += $(filter -lcrypto -lz, $(LIBS)) ifeq ($(PORTNAME), win32) -SHLIB_LINK += $(filter -leay32, $(LIBS)) # those must be at the end SHLIB_LINK += -lws2_32 endif diff --git a/contrib/sslinfo/Makefile b/contrib/sslinfo/Makefile index dd1ff83b16..14305594e2 100644 --- a/contrib/sslinfo/Makefile +++ b/contrib/sslinfo/Makefile @@ -20,4 +20,4 @@ include $(top_builddir)/src/Makefile.global include $(top_srcdir)/contrib/contrib-global.mk endif -SHLIB_LINK += $(filter -lssl -lcrypto -lssleay32 -leay32, $(LIBS)) +SHLIB_LINK += $(filter -lssl -lcrypto, $(LIBS)) diff --git a/src/interfaces/libpq/Makefile b/src/interfaces/libpq/Makefile index c1bf33dbdc..784c43c2c4 100644 --- a/src/interfaces/libpq/Makefile +++ b/src/interfaces/libpq/Makefile @@ -86,7 +86,7 @@ else SHLIB_LINK += $(filter -lcrypt -ldes -lcom_err -lcrypto -lk5crypto -lkrb5 -lgssapi32 -lssl -lsocket -lnsl -lresolv -lintl -lm $(PTHREAD_LIBS), $(LIBS)) $(LDAP_LIBS_FE) endif ifeq ($(PORTNAME), win32) -SHLIB_LINK += -lshell32 -lws2_32 -lsecur32 $(filter -leay32 -lssleay32 -lcomerr32 -lkrb5_32, $(LIBS)) +SHLIB_LINK += -lshell32 -lws2_32 -lsecur32 $(filter -lcomerr32 -lkrb5_32, $(LIBS)) endif SHLIB_PREREQS = submake-libpgport diff --git a/src/test/modules/ssl_passphrase_callback/Makefile b/src/test/modules/ssl_passphrase_callback/Makefile index 40ed38dc70..7f977dbabf 100644 --- a/src/test/modules/ssl_passphrase_callback/Makefile +++ b/src/test/modules/ssl_passphrase_callback/Makefile @@ -19,7 +19,7 @@ include $(top_builddir)/src/Makefile.global include $(top_srcdir)/contrib/contrib-global.mk endif -SHLIB_LINK += $(filter -lssl -lcrypto -lssleay32 -leay32, $(LIBS)) +SHLIB_LINK += $(filter -lssl -lcrypto, $(LIBS)) # Targets to generate or remove the ssl certificate and key # Normally not needed. Don't run these targets in a vpath build, the results -- 2.39.3 (Apple Git-146)