On Wed, Jun 13, 2018 at 09:07:20AM +0900, Michael Paquier wrote:
> What kind of failures are you seeing? I just compiled Postgres two days
> ago with MSVC and OpenSSL 1.0.2o (oldest version with a Windows
> installer I could find), and that was able to compile. On HEAD, OpenSSL
> should be supported down to 0.9.8. This thread discusses about whether
> we want to enforce HAVE_X509_GET_SIGNATURE_NID unconditionally or not,
> as it is disabled now. Even if the code is linked to 1.0.2 and the flag
> is not set, then the code should be able to compile.

So, I was looking at this part this morning, and I would suggest the attached, which enables HAVE_X509_GET_SIGNATURE_NID and HAVE_SSL_CLEAR_OPTIONS, raising the bar to have at least OpenSSL 1.0.2 on Windows (that's the minimum version easily findable when it comes to MSI installers anyway these days). I have checked that the code is able to compile correctly as well.

HAVE_LDAP_INITIALIZE is added in the list, but this is disabled as I could not test it. It could always be possible to revisit that later.

Thomas, what do you think? Thoughts?
--
Michael

From 0ea00afc34063aa44f5203c5dc39f00d2108fbaf Mon Sep 17 00:00:00 2001 From: Michael Paquier <mich...@paquier.xyz> Date: Wed, 13 Jun 2018 10:55:05 +0900 Subject: [PATCH] Track new configure flags introduced for 11 in pg_config.h.win32 The following set of flags mainly matter when building Postgres code with MSVC and those have been forgotten with latest developments: - HAVE_LDAP_INITIALIZE, added by 35c0754f, but tracked as disabled for now. - HAVE_X509_GET_SIGNATURE_NID, added by 054e8c6c, which is used by SCRAM's channel binding tls-server-end-point. Having this flag disabled would cause this channel binding type to be unsupported for Windows builds. - HAVE_SSL_CLEAR_OPTIONS, added recently as of a364dfa4 to disable SSL compression. The second and third flags are enabled with this commit, which raises the bar of OpenSSL support to 1.0.2 on Windows as minimum. As this is the TLS version of community and knowing that all recent installers referred by upstream don't have anymore 1.0.1 or older, we could live with that requirement. Author: Michael Paquier Discussion: https://postgr.es/m/20180529211559.gf6...@paquier.xyz --- src/include/pg_config.h.win32 | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/include/pg_config.h.win32 b/src/include/pg_config.h.win32 index 2c701fa718..ce63f3ef10 100644 --- a/src/include/pg_config.h.win32 +++ b/src/include/pg_config.h.win32 @@ -233,6 +233,9 @@ /* Define to 1 if you have the <ldap.h> header file. */ /* #undef HAVE_LDAP_H */ +/* Define to 1 if you have the `ldap_initialize' function. */ +/* #undef HAVE_LDAP_INITIALIZE */ + /* Define to 1 if you have the `crypto' library (-lcrypto). */ /* #undef HAVE_LIBCRYPTO */ 
@@ -361,6 +364,9 @@ /* Define to 1 if you have the `srandom' function. */ /* #undef HAVE_SRANDOM */ +/* Define to 1 if you have the `SSL_clear_options' function. */ +#define HAVE_SSL_CLEAR_OPTIONS 1 + /* Define to 1 if you have the `SSL_get_current_compression' function. */ #define HAVE_SSL_GET_CURRENT_COMPRESSION 1 @@ -543,6 +549,9 @@ /* Define to 1 if you have the <winldap.h> header file. */ /* #undef HAVE_WINLDAP_H */ +/* Define to 1 if you have the `X509_get_signature_nid' function. */ +#define HAVE_X509_GET_SIGNATURE_NID 1 + /* Define to 1 if the system has the type `_Bool'. */ /* #undef HAVE__BOOL */ -- 2.17.1
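
Review bot: In the first hunk (around line 233), HAVE_LDAP_INITIALIZE is added as a commented-out #undef, and nothing in the file distinguishes "not available on Windows" from "not yet tested". The commit message says it is the latter. Since the entry sits next to HAVE_LDAP_H, which is also undefined, a later reader will likely assume the state is deliberate. I would suggest tracking the untested status somewhere outside the header (an open item or a follow-up thread) so that it is actually revisited before release.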
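
Review bot: The two new "#define ... 1" lines (HAVE_SSL_CLEAR_OPTIONS in the second hunk, HAVE_X509_GET_SIGNATURE_NID in the third) are unconditional, so the OpenSSL 1.0.2 minimum described in the commit message is enforced only by a compile failure when older headers are used. The diffstat shows pg_config.h.win32 as the only file touched, so the new minimum is not documented anywhere a Windows builder would look. I would suggest updating the Windows build documentation in the same patch to state the 1.0.2 requirement. It would also help to confirm on an MSVC build that a SCRAM connection using tls-server-end-point channel binding works end to end, since that is the feature the third define is meant to enable.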