On Tue, 24 Sep 2019 18:49:17 +0900
Michael Paquier <michael@paquier.xyz> wrote:
> On Tue, Sep 24, 2019 at 10:18:59AM +0300, Victor Wagner wrote:
> > PostgreSQL 12 documentation states, that minimum required version of
> > OpenSSL is 0.9.8. However, I was unable to сompile current
> > PGPRO_12_STABLE with OpenSSL 0.9.8j (from SLES 11sp4).
>
> I can reproduce that with REL_12_STABLE and the top of
> OpenSSL_0_9_8-stable fromx OpenSSL's git.
>
> > Replacing all
> >
> > #ifdef TLS1_1_VERSION
> >
> > with
> >
> > #if defined(TLS1_1_VERSION) && TLS1_1_VERSION <= TLS_MAX_VERSION
> >
> > and analogue for TLS1_2_VERSION fixes the problem.
>
> That sounds like a plan.
[skip]
> > ...
> > (line 1290). In this case check for TLS1_1_VERSION <=
> > TLS_MAX_VERSION seems to be more self-explanatory, than check for
> > somewhat unrelated symbol SSL_OP_NO_TLSv1_1
>
> That sounds right. Victor, would you like to write a patch?
I'm attaching patch which uses solution mentioned above.
It seems that chedk for SSL_OP_NO_TLSvX_Y is redundant if
we are checking for TLS_MAX_VERSION.
--