Re: sslinfo extension - add notbefore and notafter timestamps
| От | Cary Huang |
|---|---|
| Тема | Re: sslinfo extension - add notbefore and notafter timestamps |
| Дата | |
| Msg-id | 193e04fc3a4.e77ee69b4866014.9008993441543238140@highgo.ca обсуждение исходный текст |
| Ответ на | Re: sslinfo extension - add notbefore and notafter timestamps (Cary Huang <cary.huang@highgo.ca>) |
| Ответы |
Re: sslinfo extension - add notbefore and notafter timestamps
|
| Список | pgsql-hackers |
> > The recent bump in minmum required versions of OpenSSL and LibreSSL made me > > remember to revisit this patch which was previously reverted due to library > > incompatibility (with *both* OpenSSL and LibreSSL on different APIs). > > > > The attached removes the timestamp conversion workaround which is no longer > > needed. > > The patch was marked as ready for committer and is currently failing > in the CI. I've moved it to next CF waiting on author. Could you > provide a rebase? Since the minimum OpenSSL version is now 1.1.1, the v13 patch would fail the CI because it uses the old APIs to obtain notBefore and notAfter timestamps: - X509_get_notBefore - X509_get_notAfter which where deprecated in OpenSSL 1.1.0... Instead, it should use: - X509_get0_notBefore - X509_get0_notAfter which are available in version 1.1.1 and beyond. These APIs now return a "const ASN1_TIME*" instead of "ASN1_TIME*". The changes below should remove the CI failing when applied to v13 patch: --- a/contrib/sslinfo/sslinfo.c +++ b/contrib/sslinfo/sslinfo.c -static Datum ASN1_TIME_to_timestamptz(ASN1_TIME *time); +static Datum ASN1_TIME_to_timestamptz(const ASN1_TIME *time); -ASN1_TIME_to_timestamptz(ASN1_TIME *ASN1_cert_ts) +ASN1_TIME_to_timestamptz(const ASN1_TIME *ASN1_cert_ts) - return ASN1_TIME_to_timestamptz(X509_get_notBefore(cert)); + return ASN1_TIME_to_timestamptz(X509_get0_notBefore(cert)); - return ASN1_TIME_to_timestamptz(X509_get_notAfter(cert)); + return ASN1_TIME_to_timestamptz(X509_get0_notAfter(cert)); --- a/src/backend/libpq/be-secure-openssl.c +++ b/src/backend/libpq/be-secure-openssl.c -static TimestampTz ASN1_TIME_to_timestamptz(ASN1_TIME *time); +static TimestampTz ASN1_TIME_to_timestamptz(const ASN1_TIME *time); -ASN1_TIME_to_timestamptz(ASN1_TIME *ASN1_cert_ts) +ASN1_TIME_to_timestamptz(const ASN1_TIME *ASN1_cert_ts) - *ptr = ASN1_TIME_to_timestamptz(X509_get_notBefore(port->peer)); + *ptr = ASN1_TIME_to_timestamptz(X509_get0_notBefore(port->peer)); - *ptr = ASN1_TIME_to_timestamptz(X509_get_notAfter(port->peer)); + *ptr = ASN1_TIME_to_timestamptz(X509_get0_notAfter(port->peer)); can you make a rebase with the above changes? Cary Huang ------------- HighGo Software Inc. (Canada) cary.huang@highgo.ca www.highgo.ca
В списке pgsql-hackers по дате отправления: