diff options
| author | Daniel Gustafsson <dgustafsson@postgresql.org> | 2024-09-02 13:51:48 +0200 |
|---|---|---|
| committer | Daniel Gustafsson <dgustafsson@postgresql.org> | 2024-09-02 13:51:48 +0200 |
| commit | a70e01d4306fdbcd5fbedb4ca97e5c21c995da60 (patch) | |
| tree | 78a6e4588190fcd1568f98f28b3b38eef028c8e6 /configure.ac | |
| parent | 6ebeeae29626e742bbe16db3fa6fccf1186c0dfb (diff) | |
| download | postgresql-a70e01d4306fdbcd5fbedb4ca97e5c21c995da60.tar.gz postgresql-a70e01d4306fdbcd5fbedb4ca97e5c21c995da60.zip | |
Remove support for OpenSSL older than 1.1.0
OpenSSL 1.0.2 has been EOL from the upstream OpenSSL project for
some time, and is no longer the default OpenSSL version with any
vendor which package PostgreSQL. By retiring support for OpenSSL
1.0.2 we can remove a lot of no longer required complexity for
managing state within libcrypto which is now handled by OpenSSL.
Reviewed-by: Jacob Champion <jacob.champion@enterprisedb.com>
Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Reviewed-by: Michael Paquier <michael@paquier.xyz>
Discussion: https://postgr.es/m/ZG3JNursG69dz1lr@paquier.xyz
Discussion: https://postgr.es/m/CA+hUKGKh7QrYzu=8yWEUJvXtMVm_CNWH1L_TLWCbZMwbi1XP2Q@mail.gmail.com
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/configure.ac b/configure.ac index 4e279c4bd66..6a35b2880bf 100644 --- a/configure.ac +++ b/configure.ac @@ -1314,8 +1314,8 @@ fi if test "$with_ssl" = openssl ; then dnl Order matters! - # Minimum required OpenSSL version is 1.0.2 - AC_DEFINE(OPENSSL_API_COMPAT, [0x10002000L], + # Minimum required OpenSSL version is 1.1.0 + AC_DEFINE(OPENSSL_API_COMPAT, [0x10100000L], [Define to the OpenSSL API version in use. This avoids deprecation warnings from newer OpenSSL versions.]) if test "$PORTNAME" != "win32"; then AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [], [AC_MSG_ERROR([library 'crypto' is required for OpenSSL])]) @@ -1331,12 +1331,8 @@ if test "$with_ssl" = openssl ; then # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it # doesn't have these OpenSSL 1.1.0 functions. So check for individual # functions. - AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free]) - # OpenSSL versions before 1.1.0 required setting callback functions, for - # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock() - # function was removed. - AC_CHECK_FUNCS([CRYPTO_lock]) - # Function introduced in OpenSSL 1.1.1. + AC_CHECK_FUNCS([OPENSSL_init_ssl], [], [AC_MSG_ERROR([OpenSSL version >= 1.1.0 is required for SSL support])]) + # Function introduced in OpenSSL 1.1.1, not in LibreSSL. AC_CHECK_FUNCS([X509_get_signature_info SSL_CTX_set_num_tickets]) AC_DEFINE([USE_OPENSSL], 1, [Define to 1 to build with OpenSSL support. (--with-ssl=openssl)]) elif test "$with_ssl" != no ; then |