diff options
| author | Daniel Gustafsson <dgustafsson@postgresql.org> | 2025-02-06 20:26:46 +0100 |
|---|---|---|
| committer | Daniel Gustafsson <dgustafsson@postgresql.org> | 2025-02-06 20:26:46 +0100 |
| commit | 44ec09575145e908be8130de701e5c83995d1abe (patch) | |
| tree | a846231e9979226bcf5209862ac37867954c89f9 | |
| parent | 527f8fec220b4c3b84d353543e9741b76d396a11 (diff) | |
| download | postgresql-44ec09575145e908be8130de701e5c83995d1abe.tar.gz postgresql-44ec09575145e908be8130de701e5c83995d1abe.zip | |
Remove support for linking with libeay32 and ssleay32
The OpenSSL project stopped using the eay names back in 2016
on platforms other than Microsoft Windows, and version 1.1.0
removed the names from Windows as well. Since we now require
OpenSSL 1.1.1 we can remove support for using the eay names
from our tree as well.
Author: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Michael Paquier <michael@paquier.xyz>
Discussion: https://postgr.es/m/3C445F8E-D43E-4970-9CD9-A54882197714@yesql.se
Discussion: https://postgr.es/m/CAHrt6656W9OnFomQTHBGYDcM5CKZ7hcgzFt8L+N0ezBZfcN3zA@mail.gmail.com
| -rwxr-xr-x | configure | 123 | ||||
| -rw-r--r-- | configure.ac | 9 | ||||
| -rw-r--r-- | contrib/pgcrypto/Makefile | 1 | ||||
| -rw-r--r-- | contrib/sslinfo/Makefile | 2 | ||||
| -rw-r--r-- | src/interfaces/libpq/Makefile | 2 | ||||
| -rw-r--r-- | src/test/modules/ssl_passphrase_callback/Makefile | 2 |
6 files changed, 7 insertions, 132 deletions
diff --git a/configure b/configure index ceeef9b0915..0ffcaeb4367 100755 --- a/configure +++ b/configure @@ -12343,8 +12343,7 @@ if test "$with_ssl" = openssl ; then $as_echo "#define OPENSSL_API_COMPAT 0x10101000L" >>confdefs.h - if test "$PORTNAME" != "win32"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CRYPTO_new_ex_data in -lcrypto" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CRYPTO_new_ex_data in -lcrypto" >&5 $as_echo_n "checking for CRYPTO_new_ex_data in -lcrypto... " >&6; } if ${ac_cv_lib_crypto_CRYPTO_new_ex_data+:} false; then : $as_echo_n "(cached) " >&6 @@ -12391,7 +12390,7 @@ else as_fn_error $? "library 'crypto' is required for OpenSSL" "$LINENO" 5 fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -lssl" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -lssl" >&5 $as_echo_n "checking for SSL_new in -lssl... " >&6; } if ${ac_cv_lib_ssl_SSL_new+:} false; then : $as_echo_n "(cached) " >&6 @@ -12438,124 +12437,6 @@ else as_fn_error $? "library 'ssl' is required for OpenSSL" "$LINENO" 5 fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing CRYPTO_new_ex_data" >&5 -$as_echo_n "checking for library containing CRYPTO_new_ex_data... " >&6; } -if ${ac_cv_search_CRYPTO_new_ex_data+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char CRYPTO_new_ex_data (); -int -main () -{ -return CRYPTO_new_ex_data (); - ; - return 0; -} -_ACEOF -for ac_lib in '' eay32 crypto; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_CRYPTO_new_ex_data=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_CRYPTO_new_ex_data+:} false; then : - break -fi -done -if ${ac_cv_search_CRYPTO_new_ex_data+:} false; then : - -else - ac_cv_search_CRYPTO_new_ex_data=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_CRYPTO_new_ex_data" >&5 -$as_echo "$ac_cv_search_CRYPTO_new_ex_data" >&6; } -ac_res=$ac_cv_search_CRYPTO_new_ex_data -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -else - as_fn_error $? "library 'eay32' or 'crypto' is required for OpenSSL" "$LINENO" 5 -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing SSL_new" >&5 -$as_echo_n "checking for library containing SSL_new... " >&6; } -if ${ac_cv_search_SSL_new+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char SSL_new (); -int -main () -{ -return SSL_new (); - ; - return 0; -} -_ACEOF -for ac_lib in '' ssleay32 ssl; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_SSL_new=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_SSL_new+:} false; then : - break -fi -done -if ${ac_cv_search_SSL_new+:} false; then : - -else - ac_cv_search_SSL_new=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_SSL_new" >&5 -$as_echo "$ac_cv_search_SSL_new" >&6; } -ac_res=$ac_cv_search_SSL_new -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -else - as_fn_error $? "library 'ssleay32' or 'ssl' is required for OpenSSL" "$LINENO" 5 -fi - - fi # Functions introduced in OpenSSL 1.1.1. for ac_func in SSL_CTX_set_ciphersuites do : diff --git a/configure.ac b/configure.ac index d713360f340..f56681e0d91 100644 --- a/configure.ac +++ b/configure.ac @@ -1322,13 +1322,8 @@ if test "$with_ssl" = openssl ; then # Minimum required OpenSSL version is 1.1.1 AC_DEFINE(OPENSSL_API_COMPAT, [0x10101000L], [Define to the OpenSSL API version in use. This avoids deprecation warnings from newer OpenSSL versions.]) - if test "$PORTNAME" != "win32"; then - AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [], [AC_MSG_ERROR([library 'crypto' is required for OpenSSL])]) - AC_CHECK_LIB(ssl, SSL_new, [], [AC_MSG_ERROR([library 'ssl' is required for OpenSSL])]) - else - AC_SEARCH_LIBS(CRYPTO_new_ex_data, [eay32 crypto], [], [AC_MSG_ERROR([library 'eay32' or 'crypto' is required for OpenSSL])]) - AC_SEARCH_LIBS(SSL_new, [ssleay32 ssl], [], [AC_MSG_ERROR([library 'ssleay32' or 'ssl' is required for OpenSSL])]) - fi + AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [], [AC_MSG_ERROR([library 'crypto' is required for OpenSSL])]) + AC_CHECK_LIB(ssl, SSL_new, [], [AC_MSG_ERROR([library 'ssl' is required for OpenSSL])]) # Functions introduced in OpenSSL 1.1.1. AC_CHECK_FUNCS([SSL_CTX_set_ciphersuites], [], [AC_MSG_ERROR([OpenSSL version >= 1.1.1 is required for SSL support])]) # Function introduced in OpenSSL 1.0.2, not in LibreSSL. diff --git a/contrib/pgcrypto/Makefile b/contrib/pgcrypto/Makefile index d40216dd420..11c4455dd05 100644 --- a/contrib/pgcrypto/Makefile +++ b/contrib/pgcrypto/Makefile @@ -61,7 +61,6 @@ endif # matter.) SHLIB_LINK += $(filter -lcrypto -lz, $(LIBS)) ifeq ($(PORTNAME), win32) -SHLIB_LINK += $(filter -leay32, $(LIBS)) # those must be at the end SHLIB_LINK += -lws2_32 endif diff --git a/contrib/sslinfo/Makefile b/contrib/sslinfo/Makefile index dd1ff83b16d..14305594e2d 100644 --- a/contrib/sslinfo/Makefile +++ b/contrib/sslinfo/Makefile @@ -20,4 +20,4 @@ include $(top_builddir)/src/Makefile.global include $(top_srcdir)/contrib/contrib-global.mk endif -SHLIB_LINK += $(filter -lssl -lcrypto -lssleay32 -leay32, $(LIBS)) +SHLIB_LINK += $(filter -lssl -lcrypto, $(LIBS)) diff --git a/src/interfaces/libpq/Makefile b/src/interfaces/libpq/Makefile index 6a0def7273c..701810a272a 100644 --- a/src/interfaces/libpq/Makefile +++ b/src/interfaces/libpq/Makefile @@ -86,7 +86,7 @@ else SHLIB_LINK += $(filter -lcrypt -ldes -lcom_err -lcrypto -lk5crypto -lkrb5 -lgssapi32 -lssl -lsocket -lnsl -lresolv -lintl -lm $(PTHREAD_LIBS), $(LIBS)) $(LDAP_LIBS_FE) endif ifeq ($(PORTNAME), win32) -SHLIB_LINK += -lshell32 -lws2_32 -lsecur32 $(filter -leay32 -lssleay32 -lcomerr32 -lkrb5_32, $(LIBS)) +SHLIB_LINK += -lshell32 -lws2_32 -lsecur32 $(filter -lcomerr32 -lkrb5_32, $(LIBS)) endif SHLIB_PREREQS = submake-libpgport diff --git a/src/test/modules/ssl_passphrase_callback/Makefile b/src/test/modules/ssl_passphrase_callback/Makefile index 40ed38dc707..7f977dbabf0 100644 --- a/src/test/modules/ssl_passphrase_callback/Makefile +++ b/src/test/modules/ssl_passphrase_callback/Makefile @@ -19,7 +19,7 @@ include $(top_builddir)/src/Makefile.global include $(top_srcdir)/contrib/contrib-global.mk endif -SHLIB_LINK += $(filter -lssl -lcrypto -lssleay32 -leay32, $(LIBS)) +SHLIB_LINK += $(filter -lssl -lcrypto, $(LIBS)) # Targets to generate or remove the ssl certificate and key # Normally not needed. Don't run these targets in a vpath build, the results |