From 8aa9a26236aa424e99f2c146f7ba3c5c9dcf0b19 Mon Sep 17 00:00:00 2001 From: Peter Eisentraut Date: Sun, 19 Jul 2020 12:14:42 +0200 Subject: [PATCH] Define OPENSSL_API_COMPAT This avoids deprecation warnings from newer OpenSSL versions (3.0.0 in particular). This has been originally applied as 4d3db13 for v14 and newer versions, but not on the older branches out of caution, and this commit closes the gap to remove all these deprecation warnings in all the branches still supported. OPENSSL_API_COMPAT's value is set based on the oldest version of OpenSSL supported on a branch: 1.0.1 for Postgres 13 and 0.9.8 for Postgres 11 and 12. Reviewed-by: Daniel Gustafsson Discussion: https://postgr.es/m/FEF81714-D479-4512-839B-C769D2605F8A@yesql.se Discussion: https://postgr.es/m/ZJJmOH+hIOSoesux@paquier.xyz Backpatch-through: 11 --- configure | 6 +++++- configure.in | 3 +++ src/include/pg_config.h.in | 4 ++++ src/tools/msvc/Solution.pm | 10 +++++++++- 4 files changed, 21 insertions(+), 2 deletions(-) diff --git a/configure b/configure index a461afffb2fe0..83cdc390eaab9 100755 --- a/configure +++ b/configure @@ -12477,7 +12477,11 @@ fi fi if test "$with_openssl" = yes ; then - if test "$PORTNAME" != "win32"; then + # Minimum required OpenSSL version is 1.0.1 + +$as_echo "#define OPENSSL_API_COMPAT 0x10001000L" >>confdefs.h + + if test "$PORTNAME" != "win32"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CRYPTO_new_ex_data in -lcrypto" >&5 $as_echo_n "checking for CRYPTO_new_ex_data in -lcrypto... " >&6; } if ${ac_cv_lib_crypto_CRYPTO_new_ex_data+:} false; then : diff --git a/configure.in b/configure.in index 48ea9ad17e5a9..85faa1e91bcbd 100644 --- a/configure.in +++ b/configure.in @@ -1258,6 +1258,9 @@ fi if test "$with_openssl" = yes ; then dnl Order matters! + # Minimum required OpenSSL version is 1.0.1 + AC_DEFINE(OPENSSL_API_COMPAT, [0x10001000L], + [Define to the OpenSSL API version in use. This avoids deprecation warnings from newer OpenSSL versions.]) if test "$PORTNAME" != "win32"; then AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [], [AC_MSG_ERROR([library 'crypto' is required for OpenSSL])]) AC_CHECK_LIB(ssl, SSL_new, [], [AC_MSG_ERROR([library 'ssl' is required for OpenSSL])]) diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in index 745cca5b05019..13fc4e0db6269 100644 --- a/src/include/pg_config.h.in +++ b/src/include/pg_config.h.in @@ -758,6 +758,10 @@ /* Define bytes to use libc memset(). */ #undef MEMSET_LOOP_LIMIT +/* Define to the OpenSSL API version in use. This avoids deprecation warnings + from newer OpenSSL versions. */ +#undef OPENSSL_API_COMPAT + /* Define to the address where bug reports for this package should be sent. */ #undef PACKAGE_BUGREPORT diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm index 54537411aba11..78328e1fac0d6 100644 --- a/src/tools/msvc/Solution.pm +++ b/src/tools/msvc/Solution.pm @@ -152,6 +152,8 @@ sub GenerateFiles my $package_bugreport; my $package_url; my ($majorver, $minorver); + my $ac_define_openssl_api_compat_found = 0; + my $openssl_api_compat; # Parse configure.in to get version numbers open(my $c, '<', "configure.in") @@ -176,10 +178,15 @@ sub GenerateFiles $majorver = sprintf("%d", $1); $minorver = sprintf("%d", $2 ? $2 : 0); } + elsif (/\bAC_DEFINE\(OPENSSL_API_COMPAT, \[([0-9xL]+)\]/) + { + $ac_define_openssl_api_compat_found = 1; + $openssl_api_compat = $1; + } } close($c); confess "Unable to parse configure.in for all variables!" - unless $ac_init_found; + unless $ac_init_found && $ac_define_openssl_api_compat_found; if (IsNewer("src/include/pg_config_os.h", "src/include/port/win32.h")) { @@ -436,6 +443,7 @@ sub GenerateFiles LOCALE_T_IN_XLOCALE => undef, MAXIMUM_ALIGNOF => 8, MEMSET_LOOP_LIMIT => 1024, + OPENSSL_API_COMPAT => $openssl_api_compat, PACKAGE_BUGREPORT => qq{"$package_bugreport"}, PACKAGE_NAME => qq{"$package_name"}, PACKAGE_STRING => qq{"$package_name $package_version"},