diff options
| author | Daniel Gustafsson <dgustafsson@postgresql.org> | 2024-09-02 13:51:48 +0200 |
|---|---|---|
| committer | Daniel Gustafsson <dgustafsson@postgresql.org> | 2024-09-02 13:51:48 +0200 |
| commit | a70e01d4306fdbcd5fbedb4ca97e5c21c995da60 (patch) | |
| tree | 78a6e4588190fcd1568f98f28b3b38eef028c8e6 /meson.build | |
| parent | 6ebeeae29626e742bbe16db3fa6fccf1186c0dfb (diff) | |
| download | postgresql-a70e01d4306fdbcd5fbedb4ca97e5c21c995da60.tar.gz postgresql-a70e01d4306fdbcd5fbedb4ca97e5c21c995da60.zip | |
Remove support for OpenSSL older than 1.1.0
OpenSSL 1.0.2 has been EOL from the upstream OpenSSL project for
some time, and is no longer the default OpenSSL version with any
vendor which package PostgreSQL. By retiring support for OpenSSL
1.0.2 we can remove a lot of no longer required complexity for
managing state within libcrypto which is now handled by OpenSSL.
Reviewed-by: Jacob Champion <jacob.champion@enterprisedb.com>
Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Reviewed-by: Michael Paquier <michael@paquier.xyz>
Discussion: https://postgr.es/m/ZG3JNursG69dz1lr@paquier.xyz
Discussion: https://postgr.es/m/CA+hUKGKh7QrYzu=8yWEUJvXtMVm_CNWH1L_TLWCbZMwbi1XP2Q@mail.gmail.com
Diffstat (limited to 'meson.build')
| -rw-r--r-- | meson.build | 23 |
1 files changed, 7 insertions, 16 deletions
diff --git a/meson.build b/meson.build index ea07126f78e..4764b09266e 100644 --- a/meson.build +++ b/meson.build @@ -1359,26 +1359,17 @@ if sslopt in ['auto', 'openssl'] ['CRYPTO_new_ex_data', {'required': true}], ['SSL_new', {'required': true}], - # Function introduced in OpenSSL 1.0.2, not in LibreSSL. - ['SSL_CTX_set_cert_cb'], - # Functions introduced in OpenSSL 1.1.0. We used to check for # OPENSSL_VERSION_NUMBER, but that didn't work with 1.1.0, because LibreSSL # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it # doesn't have these OpenSSL 1.1.0 functions. So check for individual # functions. - ['OPENSSL_init_ssl'], - ['BIO_meth_new'], - ['ASN1_STRING_get0_data'], - ['HMAC_CTX_new'], - ['HMAC_CTX_free'], - - # OpenSSL versions before 1.1.0 required setting callback functions, for - # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock() - # function was removed. - ['CRYPTO_lock'], - - # Function introduced in OpenSSL 1.1.1 + ['OPENSSL_init_ssl', {'required': true}], + + # Function introduced in OpenSSL 1.0.2, not in LibreSSL. + ['SSL_CTX_set_cert_cb'], + + # Function introduced in OpenSSL 1.1.1, not in LibreSSL. ['X509_get_signature_info'], ['SSL_CTX_set_num_tickets'], ] @@ -1402,7 +1393,7 @@ if sslopt in ['auto', 'openssl'] if are_openssl_funcs_complete cdata.set('USE_OPENSSL', 1, description: 'Define to 1 to build with OpenSSL support. (-Dssl=openssl)') - cdata.set('OPENSSL_API_COMPAT', '0x10002000L', + cdata.set('OPENSSL_API_COMPAT', '0x10100000L', description: 'Define to the OpenSSL API version in use. This avoids deprecation warnings from newer OpenSSL versions.') ssl_library = 'openssl' else |