Define OPENSSL_API_COMPAT

This avoids deprecation warnings from newer OpenSSL versions (3.0.0 in particular). This has been originally applied as 4d3db13 for v14 and newer versions, but not on the older branches out of caution, and this commit closes the gap to remove all these deprecation warnings in all the branches still supported. OPENSSL_API_COMPAT's value is set based on the oldest version of OpenSSL supported on a branch: 1.0.1 for Postgres 13 and 0.9.8 for Postgres 11 and 12. Reviewed-by: Daniel Gustafsson Discussion: https://postgr.es/m/FEF81714-D479-4512-839B-C769D2605F8A@yesql.se Discussion: https://postgr.es/m/ZJJmOH+hIOSoesux@paquier.xyz Backpatch-through: 11
2020-07-19 12:14:42 +02:00 · 2020-07-19 12:14:42 +02:00 · 96f96398d3
parent 973c41567f
commit 96f96398d3
5 changed files with 25 additions and 2 deletions
--- a/6
+++ b/6
@ -12063,7 +12063,11 @@ fi
 fi

 if test "$with_openssl" = yes ; then
-    if test "$PORTNAME" != "win32"; then
+    # Minimum required OpenSSL version is 0.9.8
+
+$as_echo "#define OPENSSL_API_COMPAT 0x00908000L" >>confdefs.h
+
+  if test "$PORTNAME" != "win32"; then
     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CRYPTO_new_ex_data in -lcrypto" >&5
 $as_echo_n "checking for CRYPTO_new_ex_data in -lcrypto... " >&6; }
 if ${ac_cv_lib_crypto_CRYPTO_new_ex_data+:} false; then :
--- a/configure.in
+++ b/configure.in
@ -1269,6 +1269,9 @@ fi

 if test "$with_openssl" = yes ; then
  dnl Order matters!
+  # Minimum required OpenSSL version is 0.9.8
+  AC_DEFINE(OPENSSL_API_COMPAT, [0x00908000L],
+            [Define to the OpenSSL API version in use. This avoids deprecation warnings from newer OpenSSL versions.])
  if test "$PORTNAME" != "win32"; then
     AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [], [AC_MSG_ERROR([library 'crypto' is required for OpenSSL])])
     AC_CHECK_LIB(ssl,    SSL_new, [], [AC_MSG_ERROR([library 'ssl' is required for OpenSSL])])
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@ -778,6 +778,10 @@
 /* Define bytes to use libc memset(). */
 #undef MEMSET_LOOP_LIMIT

+/* Define to the OpenSSL API version in use. This avoids deprecation warnings
+   from newer OpenSSL versions. */
+#undef OPENSSL_API_COMPAT
+
 /* Define to the address where bug reports for this package should be sent. */
 #undef PACKAGE_BUGREPORT

--- a/src/include/pg_config.h.win32
+++ b/src/include/pg_config.h.win32
@ -628,6 +628,10 @@
 /* Define bytes to use libc memset(). */
 #define MEMSET_LOOP_LIMIT 1024

+/* Define to the OpenSSL API version in use. This avoids deprecation warnings
+   from newer OpenSSL versions. */
+#define OPENSSL_API_COMPAT 0x00908000L
+
 /* Define to the address where bug reports for this package should be sent. */
 #define PACKAGE_BUGREPORT "pgsql-bugs@postgresql.org"

--- a/src/tools/msvc/Solution.pm
+++ b/src/tools/msvc/Solution.pm
@ -151,6 +151,8 @@ sub GenerateFiles
 {
 	my $self = shift;
 	my $bits = $self->{platform} eq 'Win32' ? 32 : 64;
+	my $openssl_api_compat;
+	my $ac_define_openssl_api_compat_found = 0;

 	# Parse configure.in to get version numbers
 	open(my $c, '<', "configure.in")
@ -167,10 +169,15 @@ sub GenerateFiles
 			$self->{numver} = sprintf("%d%04d", $1, $2 ? $2 : 0);
 			$self->{majorver} = sprintf("%d", $1);
 		}
+		elsif (/\bAC_DEFINE\(OPENSSL_API_COMPAT, \[([0-9xL]+)\]/)
+		{
+			$ac_define_openssl_api_compat_found = 1;
+			$openssl_api_compat = $1;
+		}
 	}
 	close($c);
 	confess "Unable to parse configure.in for all variables!"
-	  if ($self->{strver} eq '' || $self->{numver} eq '');
+	  if ($self->{strver} eq '' || $self->{numver} eq '' || $ac_define_openssl_api_compat_found == 0);

 	if (IsNewer("src/include/pg_config_os.h", "src/include/port/win32.h"))
 	{
@ -254,6 +261,7 @@ sub GenerateFiles
 		if ($self->{options}->{openssl})
 		{
 			print $o "#define USE_OPENSSL 1\n";
+			print $o "#define OPENSSL_API_COMPAT $openssl_api_compat\n";

 			my ($digit1, $digit2, $digit3) = $self->GetOpenSSLVersion();