Re: Fwd: PostgreSQL: WolfSSL support

From Michael Paquier
Subject Re: Fwd: PostgreSQL: WolfSSL support
Date
Msg-id 20200629012057.GB2417@paquier.xyz
In response to Re: Fwd: PostgreSQL: WolfSSL support  (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>)
List pgsql-hackers

On Sun, Jun 28, 2020 at 10:18:12AM +0200, Peter Eisentraut wrote:
> We have added support for allegedly-OpenSSL compatible libraries such as
> LibreSSL before, so some tweaks for wolfSSL would seem acceptable. However,
> I doubt we are going to backpatch them, so unless you want to take
> responsibility for that as a packager, it's not really going to help anyone
> soon.

That's a new feature to me.

> And OpenSSL 3.0.0 will have a new license, so for the next PostgreSQL
> release, this problem might be gone.

And there is this part too to consider, but I am no lawyer.

@@ -131,11 +131,11 @@ typedef union {
 #ifdef WOLFSSL_SHA3
      wc_Sha3 sha3;
 #endif
-} Hash;
+} WolfSSLHash;
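
Review bot: the rename at the closing brace of the union (`} Hash;` to `} WolfSSLHash;`) drops the old typedef name with no compatibility alias in the visible lines, so any code that still refers to `Hash` stops compiling. Consider keeping the old name available behind an opt-out macro for a transition period, and consider a name that follows the `wc_` prefix already used by the member types (`wc_Sha3`) rather than introducing a second prefix style.
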
[...]
 #endif
 #if !defined(XVALIDATE_DATE) && !defined(HAVE_VALIDATE_DATE)
     #define USE_WOLF_VALIDDATE
-    #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
+    #define XVALIDATE_DATE(d, f, t) WolfSSLValidateDate((d), (f), (t))
 #endif
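
Review bot: the changed `#define XVALIDATE_DATE` line now expands to `WolfSSLValidateDate`, but the prototype and definition of that function are not in the visible hunk. Make sure the function itself and any caller that invokes `ValidateDate` directly, bypassing the macro, are renamed in the same change, otherwise builds that define `USE_WOLF_VALIDDATE` fail to compile or link. A test that exercises the macro path after the rename would be worth adding.
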
Looking at the patches, it seems to me that the part applying only to
WolfSSL should be done anyway, at least for the Hash part which is a
rather generic name, and that it may be better to do something as well
on the Postgres part for the same plan node to avoid conflicts, but
that's something old enough that it could vote (1054097).
ValidateTime() is present in the Postgres tree since f901bb5, but it
is always annoying to break stuff that could be used by external
plugins...

Regarding the Postgres part of the WIP, the hard part is that we need
more thinking about the refactoring bits, so that people compiling
Postgres can choose between OpenSSL or something else.  And as Tom
mentioned upthread there is no need for that:
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/asn1.h>
+#include <wolfssl/options.h>
+#include <wolfssl/openssl/x509.h>
+#include <wolfssl/openssl/x509v3.h>
+#include <wolfssl/openssl/asn1.h>
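
Review bot: the four added `#include` lines replace the `<openssl/...>` headers unconditionally, so this file can no longer be built against OpenSSL. Keep the original `<openssl/x509.h>`, `<openssl/x509v3.h>` and `<openssl/asn1.h>` includes and let the build select the header directory, and put `<wolfssl/options.h>` under a preprocessor guard that is set only for wolfSSL builds.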

./configure should just append the correct path with -I.

-               my_bio_methods->bread = my_sock_read;
-               my_bio_methods->bwrite = my_sock_write;
+               my_bio_methods->readCb = my_sock_read;
+               my_bio_methods->writeCb = my_sock_write;
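
Review bot: the assignments to `readCb` and `writeCb` replace the `bread` and `bwrite` member names outright, which breaks the OpenSSL build of the same code. Both versions write directly into the method structure; one pair of setter macros or small helpers, defined once per library, would keep this call site identical for both and confine the member-name difference to a single place.
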
These parts could also be consolidated between OpenSSL and WolfSSL?

-       dh = PEM_read_DHparams(fp, NULL, NULL, NULL);
        FreeFile(fp);
+       return NULL;
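
Review bot: with `PEM_read_DHparams` removed and `return NULL` added right after `FreeFile(fp)`, the file is opened and closed but never parsed, and the caller gets NULL with no error or log message in the visible lines. If DH parameter files cannot be read in a wolfSSL build, report that explicitly at this point instead of returning NULL silently, so that a supplied parameter file is not ignored without notice. Any code that follows the new `return` in this function also becomes unreachable and should be removed or placed under a guard.
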
This part is not acceptable as-is.  As a proof of concept, that's
fine of course.
--
Michael
