From a364dfa4ac7337743050256c6eb17b5db5430173 Mon Sep 17 00:00:00 2001 From: Peter Eisentraut Date: Tue, 20 Mar 2018 16:44:52 -0400 Subject: Attempt to fix build with unusual OpenSSL versions Since e3bdb2d92600ed45bd46aaf48309a436a9628218, libpq failed to build on some platforms because they did not have SSL_clear_options(). Although mainline OpenSSL introduced SSL_clear_options() after SSL_OP_NO_COMPRESSION, so the code should have built fine, at least an old NetBSD version (build farm "coypu" NetBSD 5.1 gcc 4.1.3 PR-20080704 powerpc) has SSL_OP_NO_COMPRESSION but no SSL_clear_options(). So add a configure check for SSL_clear_options(). If we don't find it, skip the call. That means on such a platform one cannot *enable* SSL compression if the built-in default is off, but that seems an unlikely combination anyway and not very interesting in practice. --- src/interfaces/libpq/fe-secure-openssl.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'src/interfaces/libpq/fe-secure-openssl.c') diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c index 1a35b30dbcd..2e2f1074fcb 100644 --- a/src/interfaces/libpq/fe-secure-openssl.c +++ b/src/interfaces/libpq/fe-secure-openssl.c @@ -1194,8 +1194,16 @@ initialize_SSL(PGconn *conn) #ifdef SSL_OP_NO_COMPRESSION if (conn->sslcompression && conn->sslcompression[0] == '0') SSL_set_options(conn->ssl, SSL_OP_NO_COMPRESSION); + /* + * Mainline OpenSSL introduced SSL_clear_options() before + * SSL_OP_NO_COMPRESSION, so this following #ifdef should not be + * necessary, but some old NetBSD version have a locally modified libssl + * that has SSL_OP_NO_COMPRESSION but not SSL_clear_options(). + */ +#ifdef HAVE_SSL_CLEAR_OPTIONS else SSL_clear_options(conn->ssl, SSL_OP_NO_COMPRESSION); +#endif #endif return 0; -- cgit v1.2.3