diff options
| -rwxr-xr-x | configure | 110 | ||||
| -rw-r--r-- | configure.ac | 31 | ||||
| -rw-r--r-- | contrib/Makefile | 2 | ||||
| -rw-r--r-- | contrib/pgcrypto/Makefile | 4 | ||||
| -rw-r--r-- | doc/src/sgml/installation.sgml | 23 | ||||
| -rw-r--r-- | doc/src/sgml/pgcrypto.sgml | 2 | ||||
| -rw-r--r-- | doc/src/sgml/sslinfo.sgml | 2 | ||||
| -rw-r--r-- | src/Makefile.global.in | 2 | ||||
| -rw-r--r-- | src/backend/libpq/Makefile | 2 | ||||
| -rw-r--r-- | src/backend/libpq/hba.c | 2 | ||||
| -rw-r--r-- | src/common/Makefile | 2 | ||||
| -rw-r--r-- | src/include/pg_config.h.in | 2 | ||||
| -rw-r--r-- | src/interfaces/libpq/Makefile | 9 | ||||
| -rw-r--r-- | src/test/Makefile | 2 | ||||
| -rw-r--r-- | src/test/modules/Makefile | 2 | ||||
| -rw-r--r-- | src/test/modules/ssl_passphrase_callback/Makefile | 2 | ||||
| -rw-r--r-- | src/test/modules/ssl_passphrase_callback/t/001_testfunc.pl | 4 | ||||
| -rw-r--r-- | src/test/ssl/Makefile | 2 | ||||
| -rw-r--r-- | src/test/ssl/t/001_ssltests.pl | 6 | ||||
| -rw-r--r-- | src/test/ssl/t/002_scram.pl | 4 | ||||
| -rw-r--r-- | src/tools/msvc/Solution.pm | 2 | ||||
| -rw-r--r-- | src/tools/msvc/config_default.pl | 2 |
22 files changed, 137 insertions, 82 deletions
diff --git a/configure b/configure index e202697bbfa..ce9ea369993 100755 --- a/configure +++ b/configure @@ -653,6 +653,7 @@ LIBOBJS UUID_LIBS LDAP_LIBS_BE LDAP_LIBS_FE +with_ssl PTHREAD_CFLAGS PTHREAD_LIBS PTHREAD_CC @@ -709,7 +710,6 @@ with_uuid with_readline with_systemd with_selinux -with_openssl with_ldap with_krb_srvnam krb_srvtab @@ -854,7 +854,6 @@ with_pam with_bsd_auth with_ldap with_bonjour -with_openssl with_selinux with_systemd with_readline @@ -866,6 +865,8 @@ with_libxslt with_system_tzdata with_zlib with_gnu_ld +with_ssl +with_openssl enable_largefile ' ac_precious_vars='build_alias @@ -1556,7 +1557,6 @@ Optional Packages: --with-bsd-auth build with BSD Authentication support --with-ldap build with LDAP support --with-bonjour build with Bonjour support - --with-openssl build with OpenSSL support --with-selinux build with SELinux support --with-systemd build with systemd support --without-readline do not use GNU Readline nor BSD Libedit for editing @@ -1570,6 +1570,8 @@ Optional Packages: use system time zone data in DIR --without-zlib do not use Zlib --with-gnu-ld assume the C compiler uses GNU ld [default=no] + --with-ssl=LIB use LIB for SSL/TLS support (openssl) + --with-openssl obsolete spelling of --with-ssl=openssl Some influential environment variables: CC C compiler command @@ -8071,41 +8073,6 @@ $as_echo "$with_bonjour" >&6; } # -# OpenSSL -# -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build with OpenSSL support" >&5 -$as_echo_n "checking whether to build with OpenSSL support... " >&6; } - - - -# Check whether --with-openssl was given. -if test "${with_openssl+set}" = set; then : - withval=$with_openssl; - case $withval in - yes) - -$as_echo "#define USE_OPENSSL 1" >>confdefs.h - - ;; - no) - : - ;; - *) - as_fn_error $? "no argument expected for --with-openssl option" "$LINENO" 5 - ;; - esac - -else - with_openssl=no - -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_openssl" >&5 -$as_echo "$with_openssl" >&6; } - - -# # SELinux # { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build with SELinux support" >&5 @@ -12174,7 +12141,64 @@ fi fi fi +# +# SSL Library +# +# There is currently only one supported SSL/TLS library: OpenSSL. +# + + + +# Check whether --with-ssl was given. +if test "${with_ssl+set}" = set; then : + withval=$with_ssl; + case $withval in + yes) + as_fn_error $? "argument required for --with-ssl option" "$LINENO" 5 + ;; + no) + as_fn_error $? "argument required for --with-ssl option" "$LINENO" 5 + ;; + *) + + ;; + esac + +fi + + +if test x"$with_ssl" = x"" ; then + with_ssl=no +fi + + + +# Check whether --with-openssl was given. +if test "${with_openssl+set}" = set; then : + withval=$with_openssl; + case $withval in + yes) + : + ;; + no) + : + ;; + *) + as_fn_error $? "no argument expected for --with-openssl option" "$LINENO" 5 + ;; + esac + +else + with_openssl=no + +fi + + if test "$with_openssl" = yes ; then + with_ssl=openssl +fi + +if test "$with_ssl" = openssl ; then # Minimum required OpenSSL version is 1.0.1 $as_echo "#define OPENSSL_API_COMPAT 0x10001000L" >>confdefs.h @@ -12435,8 +12459,14 @@ _ACEOF fi done + +$as_echo "#define USE_OPENSSL 1" >>confdefs.h + +elif test "$with_ssl" != no ; then + as_fn_error $? "--with-ssl must specify openssl" "$LINENO" 5 fi + if test "$with_pam" = yes ; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5 $as_echo_n "checking for pam_start in -lpam... " >&6; } @@ -13322,7 +13352,7 @@ done fi -if test "$with_openssl" = yes ; then +if test "$with_ssl" = openssl ; then ac_fn_c_check_header_mongrel "$LINENO" "openssl/ssl.h" "ac_cv_header_openssl_ssl_h" "$ac_includes_default" if test "x$ac_cv_header_openssl_ssl_h" = xyes; then : @@ -18098,7 +18128,7 @@ fi # will be used. { $as_echo "$as_me:${as_lineno-$LINENO}: checking which random number source to use" >&5 $as_echo_n "checking which random number source to use... " >&6; } -if test x"$with_openssl" = x"yes" ; then +if test x"$with_ssl" = x"openssl" ; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL" >&5 $as_echo "OpenSSL" >&6; } elif test x"$PORTNAME" = x"win32" ; then diff --git a/configure.ac b/configure.ac index a5ad072ee4a..07da84d4017 100644 --- a/configure.ac +++ b/configure.ac @@ -853,15 +853,6 @@ AC_MSG_RESULT([$with_bonjour]) # -# OpenSSL -# -AC_MSG_CHECKING([whether to build with OpenSSL support]) -PGAC_ARG_BOOL(with, openssl, no, [build with OpenSSL support], - [AC_DEFINE([USE_OPENSSL], 1, [Define to build with OpenSSL support. (--with-openssl)])]) -AC_MSG_RESULT([$with_openssl]) -AC_SUBST(with_openssl) - -# # SELinux # AC_MSG_CHECKING([whether to build with SELinux support]) @@ -1205,7 +1196,21 @@ if test "$with_gssapi" = yes ; then fi fi +# +# SSL Library +# +# There is currently only one supported SSL/TLS library: OpenSSL. +# +PGAC_ARG_REQ(with, ssl, [LIB], [use LIB for SSL/TLS support (openssl)]) +if test x"$with_ssl" = x"" ; then + with_ssl=no +fi +PGAC_ARG_BOOL(with, openssl, no, [obsolete spelling of --with-ssl=openssl]) if test "$with_openssl" = yes ; then + with_ssl=openssl +fi + +if test "$with_ssl" = openssl ; then dnl Order matters! # Minimum required OpenSSL version is 1.0.1 AC_DEFINE(OPENSSL_API_COMPAT, [0x10001000L], @@ -1229,7 +1234,11 @@ if test "$with_openssl" = yes ; then # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock() # function was removed. AC_CHECK_FUNCS([CRYPTO_lock]) + AC_DEFINE([USE_OPENSSL], 1, [Define to 1 if you have OpenSSL support.]) +elif test "$with_ssl" != no ; then + AC_MSG_ERROR([--with-ssl must specify openssl]) fi +AC_SUBST(with_ssl) if test "$with_pam" = yes ; then AC_CHECK_LIB(pam, pam_start, [], [AC_MSG_ERROR([library 'pam' is required for PAM])]) @@ -1402,7 +1411,7 @@ if test "$with_gssapi" = yes ; then [AC_CHECK_HEADERS(gssapi.h, [], [AC_MSG_ERROR([gssapi.h header file is required for GSSAPI])])]) fi -if test "$with_openssl" = yes ; then +if test "$with_ssl" = openssl ; then AC_CHECK_HEADER(openssl/ssl.h, [], [AC_MSG_ERROR([header file <openssl/ssl.h> is required for OpenSSL])]) AC_CHECK_HEADER(openssl/err.h, [], [AC_MSG_ERROR([header file <openssl/err.h> is required for OpenSSL])]) fi @@ -2159,7 +2168,7 @@ fi # first choice, else the native platform sources (Windows API or /dev/urandom) # will be used. AC_MSG_CHECKING([which random number source to use]) -if test x"$with_openssl" = x"yes" ; then +if test x"$with_ssl" = x"openssl" ; then AC_MSG_RESULT([OpenSSL]) elif test x"$PORTNAME" = x"win32" ; then AC_MSG_RESULT([Windows native]) diff --git a/contrib/Makefile b/contrib/Makefile index cdc041c7db7..f27e458482e 100644 --- a/contrib/Makefile +++ b/contrib/Makefile @@ -51,7 +51,7 @@ SUBDIRS = \ unaccent \ vacuumlo -ifeq ($(with_openssl),yes) +ifeq ($(with_ssl),openssl) SUBDIRS += sslinfo else ALWAYS_SUBDIRS += sslinfo diff --git a/contrib/pgcrypto/Makefile b/contrib/pgcrypto/Makefile index 316a26e58de..c0b4f1fcf68 100644 --- a/contrib/pgcrypto/Makefile +++ b/contrib/pgcrypto/Makefile @@ -10,8 +10,8 @@ OSSL_TESTS = sha2 des 3des cast5 ZLIB_TST = pgp-compression ZLIB_OFF_TST = pgp-zlib-DISABLED -CF_SRCS = $(if $(subst no,,$(with_openssl)), $(OSSL_SRCS), $(INT_SRCS)) -CF_TESTS = $(if $(subst no,,$(with_openssl)), $(OSSL_TESTS), $(INT_TESTS)) +CF_SRCS = $(if $(subst openssl,,$(with_ssl)), $(INT_SRCS), $(OSSL_SRCS)) +CF_TESTS = $(if $(subst openssl,,$(with_ssl)), $(INT_TESTS), $(OSSL_TESTS)) CF_PGP_TESTS = $(if $(subst no,,$(with_zlib)), $(ZLIB_TST), $(ZLIB_OFF_TST)) SRCS = \ diff --git a/doc/src/sgml/installation.sgml b/doc/src/sgml/installation.sgml index a53389b728e..66ad4ba9380 100644 --- a/doc/src/sgml/installation.sgml +++ b/doc/src/sgml/installation.sgml @@ -967,7 +967,7 @@ build-postgresql: </varlistentry> <varlistentry> - <term><option>--with-openssl</option> + <term><option>--with-ssl=<replaceable>LIBRARY</replaceable></option> <indexterm> <primary>OpenSSL</primary> <seealso>SSL</seealso> @@ -976,11 +976,22 @@ build-postgresql: <listitem> <para> Build with support for <acronym>SSL</acronym> (encrypted) - connections. This requires the <productname>OpenSSL</productname> - package to be installed. <filename>configure</filename> will check - for the required header files and libraries to make sure that - your <productname>OpenSSL</productname> installation is sufficient - before proceeding. + connections. The only <replaceable>LIBRARY</replaceable> + supported is <option>openssl</option>. This requires the + <productname>OpenSSL</productname> package to be installed. + <filename>configure</filename> will check for the required + header files and libraries to make sure that your + <productname>OpenSSL</productname> installation is sufficient + before proceeding. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>--with-openssl</option></term> + <listitem> + <para> + Obsolete equivalent of <literal>--with-ssl=openssl</literal>. </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/pgcrypto.sgml b/doc/src/sgml/pgcrypto.sgml index 3d74e15ec9b..b6bb23de0f9 100644 --- a/doc/src/sgml/pgcrypto.sgml +++ b/doc/src/sgml/pgcrypto.sgml @@ -1154,7 +1154,7 @@ gen_random_uuid() returns uuid <filename>pgcrypto</filename> configures itself according to the findings of the main PostgreSQL <literal>configure</literal> script. The options that affect it are <literal>--with-zlib</literal> and - <literal>--with-openssl</literal>. + <literal>--with-ssl=openssl</literal>. </para> <para> diff --git a/doc/src/sgml/sslinfo.sgml b/doc/src/sgml/sslinfo.sgml index 3213c039ca6..2a9c45a111b 100644 --- a/doc/src/sgml/sslinfo.sgml +++ b/doc/src/sgml/sslinfo.sgml @@ -22,7 +22,7 @@ <para> This extension won't build at all unless the installation was - configured with <literal>--with-openssl</literal>. + configured with <literal>--with-ssl=openssl</literal>. </para> <sect2> diff --git a/src/Makefile.global.in b/src/Makefile.global.in index 9a1688c97cb..74b3a6acd29 100644 --- a/src/Makefile.global.in +++ b/src/Makefile.global.in @@ -183,7 +183,7 @@ with_icu = @with_icu@ with_perl = @with_perl@ with_python = @with_python@ with_tcl = @with_tcl@ -with_openssl = @with_openssl@ +with_ssl = @with_ssl@ with_readline = @with_readline@ with_selinux = @with_selinux@ with_systemd = @with_systemd@ diff --git a/src/backend/libpq/Makefile b/src/backend/libpq/Makefile index efc5ef760aa..8d1d16b0fc5 100644 --- a/src/backend/libpq/Makefile +++ b/src/backend/libpq/Makefile @@ -28,7 +28,7 @@ OBJS = \ pqmq.o \ pqsignal.o -ifeq ($(with_openssl),yes) +ifeq ($(with_ssl),openssl) OBJS += be-secure-openssl.o endif diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c index 371dccb852f..20bf1461cef 100644 --- a/src/backend/libpq/hba.c +++ b/src/backend/libpq/hba.c @@ -1041,7 +1041,7 @@ parse_hba_line(TokenizedLine *tok_line, int elevel) ereport(elevel, (errcode(ERRCODE_CONFIG_FILE_ERROR), errmsg("hostssl record cannot match because SSL is not supported by this build"), - errhint("Compile with --with-openssl to use SSL connections."), + errhint("Compile with --with-ssl=openssl to use SSL connections."), errcontext("line %d of configuration file \"%s\"", line_num, HbaFileName))); *err_msg = "hostssl record cannot match because SSL is not supported by this build"; diff --git a/src/common/Makefile b/src/common/Makefile index 1a1d0d3406c..5422579a6a2 100644 --- a/src/common/Makefile +++ b/src/common/Makefile @@ -80,7 +80,7 @@ OBJS_COMMON = \ wait_error.o \ wchar.o -ifeq ($(with_openssl),yes) +ifeq ($(with_ssl),openssl) OBJS_COMMON += \ protocol_openssl.o \ cryptohash_openssl.o diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in index f4d9f3b408d..55cab4d2bf3 100644 --- a/src/include/pg_config.h.in +++ b/src/include/pg_config.h.in @@ -899,7 +899,7 @@ /* Define to select named POSIX semaphores. */ #undef USE_NAMED_POSIX_SEMAPHORES -/* Define to build with OpenSSL support. (--with-openssl) */ +/* Define to build with OpenSSL support. (--with-ssl=openssl) */ #undef USE_OPENSSL /* Define to 1 to build with PAM support. (--with-pam) */ diff --git a/src/interfaces/libpq/Makefile b/src/interfaces/libpq/Makefile index c4fde3f93dd..f74677eaf9b 100644 --- a/src/interfaces/libpq/Makefile +++ b/src/interfaces/libpq/Makefile @@ -45,9 +45,14 @@ OBJS = \ pqexpbuffer.o \ fe-auth.o -ifeq ($(with_openssl),yes) +# File shared across all SSL implementations supported. +ifneq ($(with_ssl),no) +OBJS += \ + fe-secure-common.o +endif + +ifeq ($(with_ssl),openssl) OBJS += \ - fe-secure-common.o \ fe-secure-openssl.o endif diff --git a/src/test/Makefile b/src/test/Makefile index ab1ef9a4753..f7859c2fd5e 100644 --- a/src/test/Makefile +++ b/src/test/Makefile @@ -28,7 +28,7 @@ ifneq (,$(filter ldap,$(PG_TEST_EXTRA))) SUBDIRS += ldap endif endif -ifeq ($(with_openssl),yes) +ifeq ($(with_ssl),openssl) ifneq (,$(filter ssl,$(PG_TEST_EXTRA))) SUBDIRS += ssl endif diff --git a/src/test/modules/Makefile b/src/test/modules/Makefile index 59921b46cf3..5391f461a25 100644 --- a/src/test/modules/Makefile +++ b/src/test/modules/Makefile @@ -28,7 +28,7 @@ SUBDIRS = \ unsafe_tests \ worker_spi -ifeq ($(with_openssl),yes) +ifeq ($(with_ssl),openssl) SUBDIRS += ssl_passphrase_callback else ALWAYS_SUBDIRS += ssl_passphrase_callback diff --git a/src/test/modules/ssl_passphrase_callback/Makefile b/src/test/modules/ssl_passphrase_callback/Makefile index f81265c2963..a34d7ea46a3 100644 --- a/src/test/modules/ssl_passphrase_callback/Makefile +++ b/src/test/modules/ssl_passphrase_callback/Makefile @@ -1,6 +1,6 @@ # ssl_passphrase_callback Makefile -export with_openssl +export with_ssl MODULE_big = ssl_passphrase_func OBJS = ssl_passphrase_func.o $(WIN32RES) diff --git a/src/test/modules/ssl_passphrase_callback/t/001_testfunc.pl b/src/test/modules/ssl_passphrase_callback/t/001_testfunc.pl index dbc084f870e..a2bed5336c0 100644 --- a/src/test/modules/ssl_passphrase_callback/t/001_testfunc.pl +++ b/src/test/modules/ssl_passphrase_callback/t/001_testfunc.pl @@ -7,9 +7,9 @@ use TestLib; use Test::More; use PostgresNode; -unless (($ENV{with_openssl} || 'no') eq 'yes') +unless ($ENV{with_ssl} eq 'openssl') { - plan skip_all => 'SSL not supported by this build'; + plan skip_all => 'OpenSSL not supported by this build'; } my $clearpass = "FooBaR1"; diff --git a/src/test/ssl/Makefile b/src/test/ssl/Makefile index 93335b1ea25..d545382eea2 100644 --- a/src/test/ssl/Makefile +++ b/src/test/ssl/Makefile @@ -13,7 +13,7 @@ subdir = src/test/ssl top_builddir = ../../.. include $(top_builddir)/src/Makefile.global -export with_openssl +export with_ssl CERTIFICATES := server_ca server-cn-and-alt-names \ server-cn-only server-single-alt-name server-multiple-alt-names \ diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl index fd2727b5684..7928de4e7c2 100644 --- a/src/test/ssl/t/001_ssltests.pl +++ b/src/test/ssl/t/001_ssltests.pl @@ -11,13 +11,13 @@ use lib $FindBin::RealBin; use SSLServer; -if ($ENV{with_openssl} eq 'yes') +if ($ENV{with_ssl} ne 'openssl') { - plan tests => 93; + plan skip_all => 'OpenSSL not supported by this build'; } else { - plan skip_all => 'SSL not supported by this build'; + plan tests => 93; } #### Some configuration diff --git a/src/test/ssl/t/002_scram.pl b/src/test/ssl/t/002_scram.pl index a088f71a1aa..410b9e910d9 100644 --- a/src/test/ssl/t/002_scram.pl +++ b/src/test/ssl/t/002_scram.pl @@ -13,9 +13,9 @@ use lib $FindBin::RealBin; use SSLServer; -if ($ENV{with_openssl} ne 'yes') +if ($ENV{with_ssl} ne 'openssl') { - plan skip_all => 'SSL not supported by this build'; + plan skip_all => 'OpenSSL not supported by this build'; } # This is the hostname used to connect to the server. diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm index 2f28de0355a..1c0c92fcd2c 100644 --- a/src/tools/msvc/Solution.pm +++ b/src/tools/msvc/Solution.pm @@ -1156,7 +1156,7 @@ sub GetFakeConfigure $cfg .= ' --with-ldap' if ($self->{options}->{ldap}); $cfg .= ' --without-zlib' unless ($self->{options}->{zlib}); $cfg .= ' --with-extra-version' if ($self->{options}->{extraver}); - $cfg .= ' --with-openssl' if ($self->{options}->{openssl}); + $cfg .= ' --with-ssl=openssl' if ($self->{options}->{openssl}); $cfg .= ' --with-uuid' if ($self->{options}->{uuid}); $cfg .= ' --with-libxml' if ($self->{options}->{xml}); $cfg .= ' --with-libxslt' if ($self->{options}->{xslt}); diff --git a/src/tools/msvc/config_default.pl b/src/tools/msvc/config_default.pl index 2ef2cfc4e99..5395e211eb2 100644 --- a/src/tools/msvc/config_default.pl +++ b/src/tools/msvc/config_default.pl @@ -16,7 +16,7 @@ our $config = { tcl => undef, # --with-tcl=<path> perl => undef, # --with-perl=<path> python => undef, # --with-python=<path> - openssl => undef, # --with-openssl=<path> + openssl => undef, # --with-ssl=openssl with <path> uuid => undef, # --with-uuid=<path> xml => undef, # --with-libxml=<path> xslt => undef, # --with-libxslt=<path> |