On 09/05/2016 02:52 PM, Heikki Linnakangas wrote:
> On 09/05/2016 03:23 AM, Tom Lane wrote:
>> Judging by the number of people who have popped up recently with their
>> own OpenSSL 1.1 patches, I think there is going to be a lot of demand for
>> back-patching some sort of 1.1 support into our back branches. All this
>> talk of refactoring does not sound very back-patchable. Should we be
>> thinking of what we can extract that is back-patchable?
>
> Yes, I think you're right.

I planned to commit this today, but while reading through it and
testing, I ended up doing a bunch more changes, so this deserves another
round of review.

Changes since last version:

* Added more error checks to the my_BIO_s_socket() function. Check for
NULL result from malloc(). Check the return code of BIO_meth_set_*()
functions; looking at OpenSSL sources, they always succeed, but all the
test/example programs that come with OpenSSL do check them.
* Use BIO_get_new_index() to get the index number for the wrapper BIO.
* Also call BIO_meth_set_puts(). It was missing in previous patch versions.
* Fixed src/test/ssl test suite to also work with OpenSSL 1.1.0.
* Changed all references (in existing code) to SSLEAY_VERSION_NUMBER
into OPENSSL_VERSION_NUMBER, for consistency.
* Squashed all into one patch.

I intend to apply this to all supported branches, so please have a look!
This is now against REL9_6_STABLE, but there should be little difference
between branches in the code that this touches.

- Heikki