[pfx] Fwd: Build error for PostFix 3.9.0 on MacOS with MySQL 8.3: missing mysql_ssl_set()

Robert Fuhrer via Postfix-users Thu, 18 Jul 2024 14:57:34 -0700

Oops, apologies, forgot to send to the list.

Cheers,

- Bob

Begin forwarded message:

From: Robert Fuhrer <rmfuh...@optonline.net>
Subject: Re: [pfx] Build error for PostFix 3.9.0 on MacOS with MySQL 8.3: missing mysql_ssl_set()
Date: July 18, 2024 at 5:55:49 PM EDT
To: Wietse Venema <wie...@porcupine.org>

Hi Wietse,

Thanks for the speedy patch!

Unfortunately, it doesn't work as is, b/c one can't use the C preprocessor "defined()" operator on enum symbols, which the various MYSQL_OPT_SSL_* symbols all are. You can basically only reference preprocessor macro symbols in the #if-test.

(BTW, the patch you inlined didn't have a leading space on the common-context lines, so `patch` barfed on it until I fixed that.)

I couldn't find a suitable "capability macro", i.e., something that signals at the preprocessor level that the new options API is available.

Instead, I replaced the #if-test in your patch with just:

#if MYSQL_VERSION_ID >= 80035

and things build cleanly, and "postconf -m" now lists the MySQL dictionary table type. I haven't tested beyond that yet.

Obviously, if the MySQL team recants their decision and makes mysql_ssl_set() the preferred API at some point, then the above test will have to be changed.

Anyway, patch file attached below, in case it's helpful.

dict_mysql.c.patch-MINE
Description: Binary data

Cheers,
- Bob

On Jul 18, 2024, at 1:28 PM, Wietse Venema via Postfix-users <postfix-users@postfix.org> wrote:

Robert Fuhrer via Postfix-users:
Hi,

MacOS ships with an ancient version of PostFix (3.2.2!).

I already have PostFix running nicely, but I have no idea when Apple will update PostFix, or worse, remove it altogether (!), so I'm building PostFix 3.9.0 from source.

The only error I'm running into is in compiling the MySQL support. The latest MySQL that Homebrew provides is 8.3.0, which doesn't define the function mysql_ssl_set(), referenced at src/global/dict_mysql.c:603.

Interestingly, that function was deprecated as of MySQL 8.0.35, removed in 8.3.0, and reinstated in 8.4.0 <https://dev.mysql.com/doc/relnotes/mysql/8.4/en/news-8-4-0.html> (see the C API Notes section of that page), but it's still deprecated. Apparently it was deprecated in the first place b/c its functionality is available via mysql_options() -- see this doc page <https://dev.mysql.com/doc/c-api/8.4/en/mysql-ssl-set.html>, and the Note at the top.

Again, though, I don't know how long it will be before Homebrew updates their MySQL, so I may be stuck this way for a good while.

Also, since the function's still deprecated, MySQL might remove it again in a future release.

For now, I can just disable MySQL support (I'm only *thinking* of using it in the future), but perhaps others might be more interested.

I guess that we could make the build conditional. See patch below.

Would be good if you could find out if that works. I have only very
old and very new implementations at hand.

Wietse

diff '--exclude=man' '--exclude=html' '--exclude=README_FILES' '--exclude=INSTALL' '--exclude=.indent.pro' -r -ur /var/tmp/postfix-3.10-20240622/src/global/dict_mysql.c ./src/global/dict_mysql.c
--- /var/tmp/postfix-3.10-20240622/src/global/dict_mysql.c 2024-01-29 18:46:48.000000000 -0500
+++ ./src/global/dict_mysql.c 2024-07-18 13:25:49.885661224 -0400
@@ -598,12 +598,29 @@
mysql_options(host->db, MYSQL_READ_DEFAULT_FILE, dict_mysql->option_file);
    if (dict_mysql->option_group && dict_mysql->option_group[0])
mysql_options(host->db, MYSQL_READ_DEFAULT_GROUP, dict_mysql->option_group);
+#if defined(MYSQL_OPT_SSL_KEY) && defined(MYSQL_OPT_SSL_CERT) \
+    && defined(MYSQL_OPT_SSL_CA) && defined(MYSQL_OPT_SSL_CAPATH) \
+    && defined(MYSQL_OPT_SSL_CIPHER)
+    /* Preferred API. */
+    if (dict_mysql->tls_key_file)
+ mysql_options(host->db, MYSQL_OPT_SSL_KEY, dict_mysql->tls_key_file);
+    if (dict_mysql->tls_cert_file)
+ mysql_options(host->db, MYSQL_OPT_SSL_CERT, dict_mysql->tls_cert_file);
+    if (dict_mysql->tls_CAfile)
+ mysql_options(host->db, MYSQL_OPT_SSL_CA, dict_mysql->tls_CAfile);
+    if (dict_mysql->tls_CApath)
+ mysql_options(host->db, MYSQL_OPT_SSL_CAPATH, dict_mysql->tls_CApath);
+    if (dict_mysql->tls_ciphers)
+ mysql_options(host->db, MYSQL_OPT_SSL_CIPHER, dict_mysql->tls_ciphers);
+#else
+    /* Deprecated API. */
    if (dict_mysql->tls_key_file || dict_mysql->tls_cert_file ||
dict_mysql->tls_CAfile || dict_mysql->tls_CApath || dict_mysql->tls_ciphers)
mysql_ssl_set(host->db,
     dict_mysql->tls_key_file, dict_mysql->tls_cert_file,
     dict_mysql->tls_CAfile, dict_mysql->tls_CApath,
     dict_mysql->tls_ciphers);
+#endif
#if defined(DICT_MYSQL_SSL_VERIFY_SERVER_CERT)
    if (dict_mysql->tls_verify_cert != -1)
mysql_options(host->db, DICT_MYSQL_SSL_VERIFY_SERVER_CERT,
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Fwd: Build error for PostFix 3.9.0 on MacOS with MySQL 8.3: missing mysql_ssl_set()

Reply via email to