On Wed, Jun 13, 2018 at 08:55:46PM -0400, Andrew Dunstan wrote: > I installed 1.1.0h and got errors you can see on the buildfarm. I've now > installed 1.0.2o and everything is good.
Good thing you tested that. I have just used the LTS 1.0.2 for my tests. And there are a couple of problems here. HAVE_BIO_GET_DATA is neither defined nor enforced in pg_config.h.win32, and BIO_get_data has been introduced in 1.1.0, so that explains the failures as you would need to add it in the config files. I imagine that most folks packaging Postgres on Windows simply rely on 1.0.2 (I do!) which is why we have not seen reports of those failures... A second failure is related to HAVE_BIO_METH_NEW, with all routine sets like BIO_meth_set_write & co new as of OpenSSL 1.1.0. The configure check uses BIO_meth_new(). A third problem is related to HAVE_ASN1_STRING_GET0_DATA, but I don't see a complain in the buildfarm logs, which is interesting, but that's already present in pg_config.h.win32. A fourth problem is with HAVE_OPENSSL_INIT_SSL, which is missing in pg_config.h.win32. We claim support for OpenSSL 1.1.0 down to 9.4 per bb132cdd, so I think that we should document all those flags even in back-branches. Thoughts of people here? For now, I would suggest to keep a track of HAVE_BIO_GET_DATA, HAVE_BIO_METH_NEW and others in pg_config.h.win32 but mark them as undef. Anybody shipping Windows stuff also likely patch lightly the MSVC scripts (I do for some paths!), so they could always enforce those flags if building with OpenSSL 1.1.0... Documenting them is really important as well. So attached is an updated patch which should be applied on HEAD to close the gap and close this open item with all the gaps mentioned in the commit message. I'd like to document (but disable!) as well the OpenSSL 1.1.0 flags down to 9.4 as that's where we claim support of this version as bb132cd missed the shot. This would break Windows MSVC builds linking to OpenSSL 1.0.1 or older, so the buildfarm will likely turn red here or there. Thoughts? -- Michael
From c571b8d693a5498f2f49f786b065f911e7e4b505 Mon Sep 17 00:00:00 2001 From: Michael Paquier <mich...@paquier.xyz> Date: Thu, 14 Jun 2018 10:35:06 +0900 Subject: [PATCH] Track new configure flags introduced for 11 in pg_config.h.win32 The following set of flags mainly matter when building Postgres code with MSVC and those have been forgotten with latest developments: - HAVE_LDAP_INITIALIZE, added by 35c0754f, but tracked as disabled for now. ldap_initialize() is a non-standard extension that provides a way to use "ldaps" with OpenLDAP, but it is not supported on Windows, and instead the non-standard ldap_sslinit() is used if WIN32 is defined. Per input from Thomas Munro. - HAVE_X509_GET_SIGNATURE_NID, added by 054e8c6c, which is used by SCRAM's channel binding tls-server-end-point. Having this flag disabled would cause this channel binding type to be unsupported for Windows builds. - HAVE_SSL_CLEAR_OPTIONS, added recently as of a364dfa4 to disable SSL compression. - HAVE_ASN1_STRING_GET0_DATA, added by 5c6df67, which is used to track a new compatibility with OpenSSL 1.1.0. This was missing from pg_config.win32.h and is not enabled by default. HAVE_BIO_GET_DATA, HAVE_OPENSSL_INIT_SSL and HAVE_BIO_METH_NEW gain the same treatment. The second and third flags are enabled with this commit, which raises the bar of OpenSSL support to 1.0.2 on Windows as a minimum. As this is the TLS version of community and knowing that all recent installers referred by upstream don't have anymore 1.0.1 or older, we could live with that requirement. In order to allow the code to compile with OpenSSL 1.1.0, all the flags mentioned above need to be enabled in pg_config.h.win32. Author: Michael Paquier Discussion: https://postgr.es/m/20180529211559.gf6...@paquier.xyz --- src/include/pg_config.h.win32 | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/include/pg_config.h.win32 b/src/include/pg_config.h.win32 index 2c701fa718..0c15d7f624 100644 --- a/src/include/pg_config.h.win32 +++ b/src/include/pg_config.h.win32 @@ -72,6 +72,15 @@ # define gettimeofday(a,b) gettimeofday(a) #endif +/* Define to 1 if you have the `ASN1_STRING_get0_data' function. */ +/* #undef HAVE_ASN1_STRING_GET0_DATA */ + +/* Define to 1 if you have the `BIO_get_data' function. */ +/* #undef HAVE_BIO_GET_DATA */ + +/* Define to 1 if you have the `BIO_meth_new' function. */ +/* #undef HAVE_BIO_METH_NEW */ + /* Define to 1 if you have the `cbrt' function. */ //#define HAVE_CBRT 1 @@ -233,6 +242,9 @@ /* Define to 1 if you have the <ldap.h> header file. */ /* #undef HAVE_LDAP_H */ +/* Define to 1 if you have the `ldap_initialize' function. */ +/* #undef HAVE_LDAP_INITIALIZE */ + /* Define to 1 if you have the `crypto' library (-lcrypto). */ /* #undef HAVE_LIBCRYPTO */ @@ -288,6 +300,9 @@ /* Define to 1 if you have the <netinet/tcp.h> header file. */ /* #undef HAVE_NETINET_TCP_H */ +/* Define to 1 if you have the `OPENSSL_init_ssl' function. */ +/* #undef HAVE_OPENSSL_INIT_SSL */ + /* Define to 1 if you have the <pam/pam_appl.h> header file. */ /* #undef HAVE_PAM_PAM_APPL_H */ @@ -361,6 +376,9 @@ /* Define to 1 if you have the `srandom' function. */ /* #undef HAVE_SRANDOM */ +/* Define to 1 if you have the `SSL_clear_options' function. */ +#define HAVE_SSL_CLEAR_OPTIONS 1 + /* Define to 1 if you have the `SSL_get_current_compression' function. */ #define HAVE_SSL_GET_CURRENT_COMPRESSION 1 @@ -543,6 +561,9 @@ /* Define to 1 if you have the <winldap.h> header file. */ /* #undef HAVE_WINLDAP_H */ +/* Define to 1 if you have the `X509_get_signature_nid' function. */ +#define HAVE_X509_GET_SIGNATURE_NID 1 + /* Define to 1 if the system has the type `_Bool'. */ /* #undef HAVE__BOOL */ -- 2.17.1
signature.asc
Description: PGP signature
