diff options
| author | Daniel Gustafsson <dgustafsson@postgresql.org> | 2024-10-24 15:20:19 +0200 |
|---|---|---|
| committer | Daniel Gustafsson <dgustafsson@postgresql.org> | 2024-10-24 15:20:19 +0200 |
| commit | 6c66b7443cebf3ff09ea76416a20fb6bb1d32a52 (patch) | |
| tree | 3133dc783cd351b714a7484284014058d2d2b63d /configure.ac | |
| parent | f81855171f95c4440d1d9f41bc9e5ac47eafb7a0 (diff) | |
| download | postgresql-6c66b7443cebf3ff09ea76416a20fb6bb1d32a52.tar.gz postgresql-6c66b7443cebf3ff09ea76416a20fb6bb1d32a52.zip | |
Raise the minimum supported OpenSSL version to 1.1.1
Commit a70e01d4306fdbcd retired support for OpenSSL 1.0.2 in order to get
rid of the need for manual initialization of the library. This left our
API usage compatible with 1.1.0 which was defined as the minimum required
version. Also mention that 3.4 is the minimum version required when using
LibreSSL.
An upcoming commit will introduce support for configuring TLSv1.3 cipher
suites which require an API call in OpenSSL 1.1.1 and onwards. In order
to support this setting this commit will set v1.1.1 as the new minimum
required version. The version-specific call for randomness init added
in commit c3333dbc0c0 is removed as it's no longer needed.
Author: Daniel Gustafsson <daniel@yesql.se>
Discussion: https://postgr.es/m/909A668B-06AD-47D1-B8EB-A164211AAD16@yesql.se
Discussion: https://postgr.es/m/tencent_063F89FA72CCF2E48A0DF5338841988E9809@qq.com
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/configure.ac b/configure.ac index 55f6c46d333..3c89b54bf12 100644 --- a/configure.ac +++ b/configure.ac @@ -1311,8 +1311,8 @@ fi if test "$with_ssl" = openssl ; then dnl Order matters! - # Minimum required OpenSSL version is 1.1.0 - AC_DEFINE(OPENSSL_API_COMPAT, [0x10100000L], + # Minimum required OpenSSL version is 1.1.1 + AC_DEFINE(OPENSSL_API_COMPAT, [0x10101000L], [Define to the OpenSSL API version in use. This avoids deprecation warnings from newer OpenSSL versions.]) if test "$PORTNAME" != "win32"; then AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [], [AC_MSG_ERROR([library 'crypto' is required for OpenSSL])]) @@ -1321,14 +1321,10 @@ if test "$with_ssl" = openssl ; then AC_SEARCH_LIBS(CRYPTO_new_ex_data, [eay32 crypto], [], [AC_MSG_ERROR([library 'eay32' or 'crypto' is required for OpenSSL])]) AC_SEARCH_LIBS(SSL_new, [ssleay32 ssl], [], [AC_MSG_ERROR([library 'ssleay32' or 'ssl' is required for OpenSSL])]) fi + # Functions introduced in OpenSSL 1.1.1. + AC_CHECK_FUNCS([SSL_CTX_set_ciphersuites], [], [AC_MSG_ERROR([OpenSSL version >= 1.1.1 is required for SSL support])]) # Function introduced in OpenSSL 1.0.2, not in LibreSSL. AC_CHECK_FUNCS([SSL_CTX_set_cert_cb]) - # Functions introduced in OpenSSL 1.1.0. We used to check for - # OPENSSL_VERSION_NUMBER, but that didn't work with 1.1.0, because LibreSSL - # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it - # doesn't have these OpenSSL 1.1.0 functions. So check for individual - # functions. - AC_CHECK_FUNCS([OPENSSL_init_ssl], [], [AC_MSG_ERROR([OpenSSL version >= 1.1.0 is required for SSL support])]) # Function introduced in OpenSSL 1.1.1, not in LibreSSL. AC_CHECK_FUNCS([X509_get_signature_info SSL_CTX_set_num_tickets]) AC_DEFINE([USE_OPENSSL], 1, [Define to 1 to build with OpenSSL support. (--with-ssl=openssl)]) |