aboutsummaryrefslogtreecommitdiff
path: root/src/backend/libpq/be-secure-openssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/backend/libpq/be-secure-openssl.c')
-rw-r--r--src/backend/libpq/be-secure-openssl.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index dff61776bd8..c2032c2f30e 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -57,7 +57,6 @@
#ifndef OPENSSL_NO_ECDH
#include <openssl/ec.h>
#endif
-#include <openssl/x509.h>
#include "libpq/libpq.h"
#include "miscadmin.h"
@@ -1250,6 +1249,7 @@ be_tls_get_peer_finished(Port *port, size_t *len)
char *
be_tls_get_certificate_hash(Port *port, size_t *len)
{
+#ifdef HAVE_X509_GET_SIGNATURE_NID
X509 *server_cert;
char *cert_hash;
const EVP_MD *algo_type = NULL;
@@ -1266,7 +1266,7 @@ be_tls_get_certificate_hash(Port *port, size_t *len)
* Get the signature algorithm of the certificate to determine the
* hash algorithm to use for the result.
*/
- if (!OBJ_find_sigid_algs(OBJ_obj2nid(server_cert->sig_alg->algorithm),
+ if (!OBJ_find_sigid_algs(X509_get_signature_nid(server_cert),
&algo_nid, NULL))
elog(ERROR, "could not determine server certificate signature algorithm");
@@ -1299,6 +1299,12 @@ be_tls_get_certificate_hash(Port *port, size_t *len)
*len = hash_size;
return cert_hash;
+#else
+ ereport(ERROR,
+ (errcode(ERRCODE_PROTOCOL_VIOLATION),
+ errmsg("channel binding type \"tls-server-end-point\" is not supported by this build")));
+ return NULL;
+#endif
}
/*
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-31 16:09:05 +0000