> On 20 Mar 2018, at 05:15, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> Peter Eisentraut <peter.eisentraut@2ndquadrant.com> writes:
>> On 3/17/18 15:12, Daniel Gustafsson wrote:
>>> On 17 Mar 2018, at 17:47, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>>> Buildfarm reports that SSL_clear_options isn't available everywhere.
>
>>> Per some reading of the documentation and various patchers it seems
>>> SSL_clear_options() was introduced in 0.9.8m and SSL_OP_NO_COMPRESSION in
>>> 1.0.0.
>
>> It seems the failure is limited to an old NetBSD version. They might
>> have patched their libssl locally somehow. Is it worth supporting this?
>
> Dunno, but the other side of the coin is that the goals of this patch
> don't seem like a sufficient reason to break backwards compatibility
> with any platform.
If we test for SSL_clear_options(), and use the sk_SSL_COMP_zero() where not
available, we should be able to keep backwards compatibility with older OpenSSL
revisions even if the distros have patched them AFAICT. Unless you’re already
working on it I can take a stab at it.
cheers ./daniel