agora inbox for [email protected]
help / color / mirror / Atom feedFrom: Andreas Karlsson <[email protected]>
Subject: [PATCH 3/3] Remove OpenSSL 1.1 deprecation warnings
Date: Tue, 28 Jun 2016 07:51:49 +0200
---
src/backend/libpq/be-secure-openssl.c | 23 ++++++++++++++++++++++-
src/interfaces/libpq/fe-secure-openssl.c | 15 +++++++--------
2 files changed, 29 insertions(+), 9 deletions(-)
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index 2fa2793..926dbf2 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -166,11 +166,13 @@ be_tls_init(void)
if (!SSL_context)
{
+#if SSLEAY_VERSION_NUMBER < 0x10100000L
#if SSLEAY_VERSION_NUMBER >= 0x0907000L
OPENSSL_config(NULL);
#endif
SSL_library_init();
SSL_load_error_strings();
+#endif
/*
* We use SSLv23_method() because it can negotiate use of the highest
@@ -854,6 +856,25 @@ load_dh_buffer(const char *buffer, size_t len)
return dh;
}
+static DH *
+generate_dh_params(int prime_len, int generator)
+{
+#if SSLEAY_VERSION_NUMBER >= 0x00908000L
+ DH *dh;
+
+ if ((dh = DH_new()) == NULL)
+ return NULL;
+
+ if (DH_generate_parameters_ex(dh, prime_len, generator, NULL))
+ return dh;
+
+ DH_free(dh);
+ return NULL;
+#else
+ return DH_generate_parameters(prime_len, generator, NULL, NULL);
+#endif
+}
+
/*
* Generate an ephemeral DH key. Because this can take a long
* time to compute, we can use precomputed parameters of the
@@ -923,7 +944,7 @@ tmp_dh_cb(SSL *s, int is_export, int keylength)
ereport(DEBUG2,
(errmsg_internal("DH: generating parameters (%d bits)",
keylength)));
- r = DH_generate_parameters(keylength, DH_GENERATOR_2, NULL, NULL);
+ r = generate_dh_params(keylength, DH_GENERATOR_2);
}
return r;
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index 56bc279..aa80284 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -731,16 +731,11 @@ verify_peer_name_matches_certificate(PGconn *conn)
return found_match && !got_error;
}
-#ifdef ENABLE_THREAD_SAFETY
+#if defined(ENABLE_THREAD_SAFETY) && SSLEAY_VERSION_NUMBER < 0x10100000L
/*
* Callback functions for OpenSSL internal locking
*/
-/* OpenSSL 1.1 no longer defines CRYPTO_LOCK */
-#ifndef CRYPTO_LOCK
-#define CRYPTO_LOCK 1
-#endif
-
static unsigned long
pq_threadidcallback(void)
{
@@ -768,7 +763,7 @@ pq_lockingcallback(int mode, int n, const char *file, int line)
PGTHREAD_ERROR("failed to unlock mutex");
}
}
-#endif /* ENABLE_THREAD_SAFETY */
+#endif /* ENABLE_THREAD_SAFETY && && SSLEAY_VERSION_NUMBER < 0x10100000L */
/*
* Initialize SSL system, in particular creating the SSL_context object
@@ -807,6 +802,7 @@ pgtls_init(PGconn *conn)
if (pthread_mutex_lock(&ssl_config_mutex))
return -1;
+#if SSLEAY_VERSION_NUMBER < 0x10100000L
if (pq_init_crypto_lib)
{
/*
@@ -847,10 +843,12 @@ pgtls_init(PGconn *conn)
CRYPTO_set_locking_callback(pq_lockingcallback);
}
}
+#endif
#endif /* ENABLE_THREAD_SAFETY */
if (!SSL_context)
{
+#if SSLEAY_VERSION_NUMBER < 0x10100000L
if (pq_init_ssl_lib)
{
#if SSLEAY_VERSION_NUMBER >= 0x00907000L
@@ -859,6 +857,7 @@ pgtls_init(PGconn *conn)
SSL_library_init();
SSL_load_error_strings();
}
+#endif
/*
* We use SSLv23_method() because it can negotiate use of the highest
@@ -911,7 +910,7 @@ pgtls_init(PGconn *conn)
static void
destroy_ssl_system(void)
{
-#ifdef ENABLE_THREAD_SAFETY
+#if defined(ENABLE_THREAD_SAFETY) && SSLEAY_VERSION_NUMBER < 0x10100000L
/* Mutex is created in initialize_ssl_system() */
if (pthread_mutex_lock(&ssl_config_mutex))
return;
--
2.8.1
--------------DE698287B513FDFBBD5199C2
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
--
Sent via pgsql-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
--------------DE698287B513FDFBBD5199C2--
view thread (87+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected]
Subject: Re: [PATCH 3/3] Remove OpenSSL 1.1 deprecation warnings
In-Reply-To: <no-message-id-638023@localhost>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox