On 09/15/2016 02:03 AM, Andreas Karlsson wrote:
On 09/12/2016 06:51 PM, Heikki Linnakangas wrote:
Changes since last version:
* Added more error checks to the my_BIO_s_socket() function. Check for
NULL result from malloc(). Check the return code of BIO_meth_set_*()
functions; looking at OpenSSL sources, they always succeed, but all the
test/example programs that come with OpenSSL do check them.
* Use BIO_get_new_index() to get the index number for the wrapper BIO.
* Also call BIO_meth_set_puts(). It was missing in previous patch
versions.
* Fixed src/test/ssl test suite to also work with OpenSSL 1.1.0.
* Changed all references (in existing code) to SSLEAY_VERSION_NUMBER
into OPENSSL_VERSION_NUMBER, for consistency.
* Squashed all into one patch.
I intend to apply this to all supported branches, so please have a look!
This is now against REL9_6_STABLE, but there should be little difference
between branches in the code that this touches.
This patch no longer seems to apply to head after the removed support of
0.9.6. Is that intentional?
Never mind. I just failed at reading.
Now for a review:
It looks generally good but I think I saw one error. In
fe-secure-openssl.c your code still calls SSL_library_init() in OpenSSL
1.1. I think it should be enough to just call
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) like you do in be-secure.
Andreas
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
