Re: pgsql: Fix compilation on OpenSSL 1.0.2 and LibreSSL
On 03/05/2024 11:44, Daniel Gustafsson wrote:
>> On 2 May 2024, at 12:30, Heikki Linnakangas wrote:
>> On 02/05/2024 13:24, Daniel Gustafsson wrote:
>>> This makes targeting 7.0 as the lowest LibreSSL version appealing in my
>>> patchset for removing support for old OpenSSL and LibreSSL versions.
>>
>> Works for me. Although there's little harm in keeping the "#ifdef
>> SSL_AD_NO_APPLICATION_PROTOCOL" either, if that's the only thing missing
>> from 6.9.
>
> In the meantime I'll apply the below to keep the comment correct and to help
> future-me when revisiting SSL library support =)
>
> -* OpenSSL 1.1.0 and later, but as of this writing not in LibreSSL.
> +* OpenSSL 1.1.0 and later, as well as in LibreSSL 3.4.3 (OpenBSD 7.0) and
> +* later.
>
> Any objections to that?

Sounds good

--
Heikki Linnakangas
Neon (https://neon.tech)
Re: pgsql: Fix compilation on OpenSSL 1.0.2 and LibreSSL
> On 2 May 2024, at 12:30, Heikki Linnakangas wrote:
> On 02/05/2024 13:24, Daniel Gustafsson wrote:
>> This makes targeting 7.0 as the lowest LibreSSL version appealing in my
>> patchset for removing support for old OpenSSL and LibreSSL versions.
>
> Works for me. Although there's little harm in keeping the "#ifdef
> SSL_AD_NO_APPLICATION_PROTOCOL" either, if that's the only thing missing from
> 6.9.

In the meantime I'll apply the below to keep the comment correct and to help
future-me when revisiting SSL library support =)

-* OpenSSL 1.1.0 and later, but as of this writing not in LibreSSL.
+* OpenSSL 1.1.0 and later, as well as in LibreSSL 3.4.3 (OpenBSD 7.0) and
+* later.

Any objections to that?

--
Daniel Gustafsson
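Review bot: The replacement comment text ("as well as in LibreSSL 3.4.3 (OpenBSD 7.0) and later") records where the symbol first appears but not why the code around it is still conditional. If the "#ifdef SSL_AD_NO_APPLICATION_PROTOCOL" guard stays, as suggested in the reply quoted above, add a clause saying the guard covers OpenSSL 1.0.2 and LibreSSL releases before that one, so the version note and the guard are revisited together when the minimum supported versions are raised.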
Re: pgsql: Fix compilation on OpenSSL 1.0.2 and LibreSSL
On 02/05/2024 13:24, Daniel Gustafsson wrote:
>> On 2 May 2024, at 11:30, Heikki Linnakangas wrote:
>> And I don't see the symbol in a fresh checkout of the portable libressl
>> repository at https://github.com/libressl/portable.
>
> The portable repo only contains the portable parts, did you pull the libssl
> code with ./autogen?

Ah, ok, I did not.

> If so you should be able to see it, like below:
>
> :~/dev/tls/libressl $ git clone g...@github.com:libressl/portable.git
> :~/dev/tls/libressl $ cd portable/
> :~/dev/tls/libressl/portable (master) $ git checkout OPENBSD_7_0
> branch 'OPENBSD_7_0' set up to track 'origin/OPENBSD_7_0'.
> Switched to a new branch 'OPENBSD_7_0'
> :~/dev/tls/libressl/portable (OPENBSD_7_0) $ ./autogen.sh
> ...
> :~/dev/tls/libressl/portable (OPENBSD_7_0) $ cd openbsd/
> :~/dev/tls/libressl/portable/openbsd (OPENBSD_7_0) $ git grep SSL_AD_NO_APPLICATION_PROTOCOL
> src/lib/libssl/ssl.h:#define SSL_AD_NO_APPLICATION_PROTOCOL 120
> src/lib/libssl/ssl_tlsext.c:*alert = SSL_AD_NO_APPLICATION_PROTOCOL;
>
> This makes targeting 7.0 as the lowest LibreSSL version appealing in my
> patchset for removing support for old OpenSSL and LibreSSL versions.

Works for me. Although there's little harm in keeping the "#ifdef
SSL_AD_NO_APPLICATION_PROTOCOL" either, if that's the only thing missing
from 6.9.

--
Heikki Linnakangas
Neon (https://neon.tech)
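An added example (not part of the thread and not PostgreSQL's code) of the guard discussed above: the alert is tested for with "#ifdef" on the symbol itself rather than on a library version number, so the same source builds on OpenSSL 1.0.2, on OpenBSD 6.9's LibreSSL, and on newer libraries. The function names are hypothetical, the value 120 is the one shown in the git grep output above, and the example assumes a received alert is reported as reason code SSL_AD_REASON_OFFSET plus the alert number.

```c
#include <stddef.h>

#if defined(__has_include)
#if __has_include(<openssl/ssl.h>)
#include <openssl/ssl.h>
#include <openssl/err.h>
#define HAVE_TLS_HEADERS 1
#endif
#endif

#ifndef HAVE_TLS_HEADERS
/* Constructed stand-ins (OpenSSL 1.1-style error packing) so the example
 * builds with no TLS headers installed. SSL_AD_NO_APPLICATION_PROTOCOL is
 * deliberately left undefined here, as on OpenSSL 1.0.2 or OpenBSD 6.9. */
#define ERR_LIB_SSL 20
#define SSL_AD_REASON_OFFSET 1000
#define ERR_PACK(l, f, r) ((((unsigned long)(l) & 0xFFUL) << 24) | ((unsigned long)(r) & 0xFFFUL))
#define ERR_GET_LIB(e) ((int)(((e) >> 24) & 0xFFUL))
#define ERR_GET_REASON(e) ((int)((e) & 0xFFFUL))
#endif

/* Returns 1 if the headers in use declare the alert, 0 otherwise. */
int alert_symbol_available(void)
{
#ifdef SSL_AD_NO_APPLICATION_PROTOCOL
    return 1;
#else
    return 0;
#endif
}

/* Map an error-queue code to our own text; NULL means "use the library's text". */
const char *describe_handshake_error(unsigned long ecode)
{
#ifdef SSL_AD_NO_APPLICATION_PROTOCOL
    if (ERR_GET_LIB(ecode) == ERR_LIB_SSL &&
        ERR_GET_REASON(ecode) == SSL_AD_REASON_OFFSET + SSL_AD_NO_APPLICATION_PROTOCOL)
        return "no application protocol";
#endif
    (void) ecode;
    return NULL;
}

/* Constructed sample: the code a received alert 120 would leave in the queue. */
unsigned long sample_alert_code(void)
{
    return ERR_PACK(ERR_LIB_SSL, 0, SSL_AD_REASON_OFFSET + 120);
}
```

On a library without the symbol the special case compiles away and the caller falls back to whatever text the library provides.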
Re: pgsql: Fix compilation on OpenSSL 1.0.2 and LibreSSL
> On 2 May 2024, at 11:30, Heikki Linnakangas wrote:
>
> On 02/05/2024 12:09, Daniel Gustafsson wrote:
>>> On 30 Apr 2024, at 07:26, Heikki Linnakangas wrote:
>>> Fix compilation on OpenSSL 1.0.2 and LibreSSL
>>>
>>> SSL_AD_NO_APPLICATION_PROTOCOL was introduced in OpenSSL 1.1.0.
>> +* https://github.com/openssl/openssl/issues/24300. This is
>> available in
>> +* OpenSSL 1.1.0 and later, but as of this writing not in LibreSSL.
>> I'm a bit confused, as far as I can tell this has been in LibreSSL since the
>> OpenBSD 6.9 release.
>> https://github.com/openbsd/src/blob/master/lib/libssl/ssl_tlsext.c#L130
>> Or am I missing something?
>
> Hmm, I'm not sure how exactly LibreSSL is versioned. But morepork runs
> OpenBSD 6.9, and it was one of the failing buildfarm members:
> https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=morepork&dt=2024-04-30%2004%3A30%3A28.

Turns out I fat-fingered my grep, it's available starting with OpenBSD 7.0 so
the morepork failure makes sense.

> And I don't see the symbol in a fresh checkout of the portable libressl
> repository at https://github.com/libressl/portable.

The portable repo only contains the portable parts, did you pull the libssl
code with ./autogen? If so you should be able to see it, like below:

:~/dev/tls/libressl $ git clone g...@github.com:libressl/portable.git
:~/dev/tls/libressl $ cd portable/
:~/dev/tls/libressl/portable (master) $ git checkout OPENBSD_7_0
branch 'OPENBSD_7_0' set up to track 'origin/OPENBSD_7_0'.
Switched to a new branch 'OPENBSD_7_0'
:~/dev/tls/libressl/portable (OPENBSD_7_0) $ ./autogen.sh
...
:~/dev/tls/libressl/portable (OPENBSD_7_0) $ cd openbsd/
:~/dev/tls/libressl/portable/openbsd (OPENBSD_7_0) $ git grep SSL_AD_NO_APPLICATION_PROTOCOL
src/lib/libssl/ssl.h:#define SSL_AD_NO_APPLICATION_PROTOCOL 120
src/lib/libssl/ssl_tlsext.c:*alert = SSL_AD_NO_APPLICATION_PROTOCOL;

This makes targeting 7.0 as the lowest LibreSSL version appealing in my
patchset for removing support for old OpenSSL and LibreSSL versions.

--
Daniel Gustafsson
Re: pgsql: Fix compilation on OpenSSL 1.0.2 and LibreSSL
On 02/05/2024 12:09, Daniel Gustafsson wrote:
>> On 30 Apr 2024, at 07:26, Heikki Linnakangas wrote:
>> Fix compilation on OpenSSL 1.0.2 and LibreSSL
>>
>> SSL_AD_NO_APPLICATION_PROTOCOL was introduced in OpenSSL 1.1.0.
>
> +* https://github.com/openssl/openssl/issues/24300. This is available in
> +* OpenSSL 1.1.0 and later, but as of this writing not in LibreSSL.
>
> I'm a bit confused, as far as I can tell this has been in LibreSSL since the
> OpenBSD 6.9 release.
>
> https://github.com/openbsd/src/blob/master/lib/libssl/ssl_tlsext.c#L130
>
> Or am I missing something?

Hmm, I'm not sure how exactly LibreSSL is versioned. But morepork runs
OpenBSD 6.9, and it was one of the failing buildfarm members:
https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=morepork&dt=2024-04-30%2004%3A30%3A28.
And I don't see the symbol in a fresh checkout of the portable libressl
repository at https://github.com/libressl/portable.

--
Heikki Linnakangas
Neon (https://neon.tech)
Re: pgsql: Fix compilation on OpenSSL 1.0.2 and LibreSSL
> On 30 Apr 2024, at 07:26, Heikki Linnakangas wrote:

> Fix compilation on OpenSSL 1.0.2 and LibreSSL
>
> SSL_AD_NO_APPLICATION_PROTOCOL was introduced in OpenSSL 1.1.0.

+* https://github.com/openssl/openssl/issues/24300. This is available in
+* OpenSSL 1.1.0 and later, but as of this writing not in LibreSSL.

I'm a bit confused, as far as I can tell this has been in LibreSSL since the
OpenBSD 6.9 release.

https://github.com/openbsd/src/blob/master/lib/libssl/ssl_tlsext.c#L130

Or am I missing something?

--
Daniel Gustafsson