On Mon, Nov 01, 2021 at 11:15:32PM +0100, Daniel Gustafsson wrote:
> On 1 Nov 2021, at 14:33, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>> Judging by OpenSSL, including both is common practice unless the module only
>>> deals with v3 extensions. Following that lead seems reasonable.
>>
>> I see that fe-secure-openssl.c includes only x509v3.h, and it builds
>> successfully on hamerkop. So I'm now inclined to make be-secure-openssl.c
>> match that.
>
> That is in and out of itself not wrong, it shouldn't be required but it's
> definitely not wrong to do regardless of what's causing this.
I would follow the practice of upstream to include both if were me
to be consistent, but I'm also fine if you just add x509v3.h to
be-secure-openssl.c.
--
Michael