author | Peter Eisentraut <peter_e@gmx.net> | 2018-01-04 19:09:27 -0500 |
---|---|---|
committer | Peter Eisentraut <peter_e@gmx.net> | 2018-01-04 19:09:27 -0500 |
commit | 054e8c6cdb7f4261869e49d3ed7705cca475182e (patch) | |
tree | 611d8062aac1e130ad0b10e221d68e4e28f8c101 /src/interfaces/libpq/fe-secure-openssl.c | |
parent | 1834c1e432d22f9e186950c7dd8598958776e016 (diff) | |
Another attempt at fixing build with various OpenSSL versions
It seems we can't easily work around the lack of
X509_get_signature_nid(), so revert the previous attempts and just
disable the tls-server-end-point feature if we don't have it.
Diffstat (limited to 'src/interfaces/libpq/fe-secure-openssl.c')
-rw-r--r-- | src/interfaces/libpq/fe-secure-openssl.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index ecd68061a2e..b50bfd144a1 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -58,7 +58,6 @@
 #ifdef USE_SSL_ENGINE
 #include <openssl/engine.h>
 #endif
-#include <openssl/x509.h>
 #include <openssl/x509v3.h>
 static bool verify_peer_name_matches_certificate(PGconn *);
@@ -430,6 +429,7 @@ pgtls_get_finished(PGconn *conn, size_t *len)
 char *
 pgtls_get_peer_certificate_hash(PGconn *conn, size_t *len)
 {
+#ifdef HAVE_X509_GET_SIGNATURE_NID
 X509 *peer_cert;
 const EVP_MD *algo_type;
 unsigned char hash[EVP_MAX_MD_SIZE]; /* size for SHA-512 */
@@ -448,7 +448,7 @@ pgtls_get_peer_certificate_hash(PGconn *conn, size_t *len)
 * Get the signature algorithm of the certificate to determine the hash
 * algorithm to use for the result.
 */
- if (!OBJ_find_sigid_algs(OBJ_obj2nid(peer_cert->sig_alg->algorithm),
+ if (!OBJ_find_sigid_algs(X509_get_signature_nid(peer_cert),
 &algo_nid, NULL))
 {
 printfPQExpBuffer(&conn->errorMessage,
@@ -499,6 +499,11 @@ pgtls_get_peer_certificate_hash(PGconn *conn, size_t *len)
 *len = hash_size;
 return cert_hash;
+#else
+ printfPQExpBuffer(&conn->errorMessage,
+ libpq_gettext("channel binding type \"tls-server-end-point\" is not supported by this build\n"));
+ return NULL;
+#endif
 }
 /* ------------------------------------------------------------ */ |
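Review bot: The `#else` branch added at the end of pgtls_get_peer_certificate_hash() (last hunk, paired with the `#ifdef HAVE_X509_GET_SIGNATURE_NID` opened in the second hunk) returns NULL without writing `*len` and without a comment stating what that return means for the caller. Since this path compiles out tls-server-end-point channel binding, it would help to say so in place, e.g. `/* No X509_get_signature_nid(): channel binding data unavailable; callers must fail the authentication rather than continue unbound */`, and to add `*len = 0;` before `return NULL;` so a caller that reads the length never sees an uninitialized value. Whether the callers already treat NULL as a hard failure is not visible in this diff and is worth confirming. The same goes for the configure check that defines HAVE_X509_GET_SIGNATURE_NID, which lies outside this file-limited diff. The function body between the hunks is not shown.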