On 09/16/2016 04:11 PM, Christoph Berg wrote:
Thanks for the patch!I just tried to apply it to 9.2. There was a conflict in configure.in which was trivial to resolve. Another conflict in contrib/pgcrypto/pgcrypto.c was not applicable because the code doesn't seem to exist (didn't try very hard though). Ignoring the contrib conflict, it still didn't compile: /home/cbe/projects/postgresql/debian/9.2/build/../src/backend/libpq/be-secure.c: In function ‘secure_write’: /home/cbe/projects/postgresql/debian/9.2/build/../src/backend/libpq/be-secure.c:342:17: error: dereferencing pointer to incomplete type ‘SSL {aka struct ssl_st}’ if (port->ssl->state != SSL_ST_OK) ^~ /home/cbe/projects/postgresql/debian/9.2/build/../src/backend/libpq/be-secure.c:342:28: error: ‘SSL_ST_OK’ undeclared (first use in this function) if (port->ssl->state != SSL_ST_OK) ^~~~~~~~~
This is related to the renegotiation which was first fixed and later removed in the 9.4 cycle, but intentionally not backported. It seems like OpenSSL refactored the state machine in 1.1 which is why the code above breaks.
I am not entirely sure I follow what the old code in 9.3 and 9.2 is strying to do and why it messes directly with the state of the statemachine.
Andreas -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
