diff options
| author | Daniel Gustafsson | 2024-10-24 13:20:19 +0000 |
|---|---|---|
| committer | Daniel Gustafsson | 2024-10-24 13:20:19 +0000 |
| commit | 6c66b7443cebf3ff09ea76416a20fb6bb1d32a52 (patch) | |
| tree | 3133dc783cd351b714a7484284014058d2d2b63d /configure | |
| parent | f81855171f95c4440d1d9f41bc9e5ac47eafb7a0 (diff) | |
Raise the minimum supported OpenSSL version to 1.1.1
Commit a70e01d4306fdbcd retired support for OpenSSL 1.0.2 in order to get
rid of the need for manual initialization of the library. This left our
API usage compatible with 1.1.0 which was defined as the minimum required
version. Also mention that 3.4 is the minimum version required when using
LibreSSL.
An upcoming commit will introduce support for configuring TLSv1.3 cipher
suites which require an API call in OpenSSL 1.1.1 and onwards. In order
to support this setting this commit will set v1.1.1 as the new minimum
required version. The version-specific call for randomness init added
in commit c3333dbc0c0 is removed as it's no longer needed.
Author: Daniel Gustafsson <daniel@yesql.se>
Discussion: https://postgr.es/m/909A668B-06AD-47D1-B8EB-A164211AAD16@yesql.se
Discussion: https://postgr.es/m/tencent_063F89FA72CCF2E48A0DF5338841988E9809@qq.com
Diffstat (limited to 'configure')
| -rwxr-xr-x | configure | 32 |
1 files changed, 14 insertions, 18 deletions
diff --git a/configure b/configure index 3a577e463ba..268ac94ae69 100755 --- a/configure +++ b/configure @@ -12224,9 +12224,9 @@ if test "$with_openssl" = yes ; then fi if test "$with_ssl" = openssl ; then - # Minimum required OpenSSL version is 1.1.0 + # Minimum required OpenSSL version is 1.1.1 -$as_echo "#define OPENSSL_API_COMPAT 0x10100000L" >>confdefs.h +$as_echo "#define OPENSSL_API_COMPAT 0x10101000L" >>confdefs.h if test "$PORTNAME" != "win32"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CRYPTO_new_ex_data in -lcrypto" >&5 @@ -12441,33 +12441,29 @@ else fi fi - # Function introduced in OpenSSL 1.0.2, not in LibreSSL. - for ac_func in SSL_CTX_set_cert_cb + # Functions introduced in OpenSSL 1.1.1. + for ac_func in SSL_CTX_set_ciphersuites do : - ac_fn_c_check_func "$LINENO" "SSL_CTX_set_cert_cb" "ac_cv_func_SSL_CTX_set_cert_cb" -if test "x$ac_cv_func_SSL_CTX_set_cert_cb" = xyes; then : + ac_fn_c_check_func "$LINENO" "SSL_CTX_set_ciphersuites" "ac_cv_func_SSL_CTX_set_ciphersuites" +if test "x$ac_cv_func_SSL_CTX_set_ciphersuites" = xyes; then : cat >>confdefs.h <<_ACEOF -#define HAVE_SSL_CTX_SET_CERT_CB 1 +#define HAVE_SSL_CTX_SET_CIPHERSUITES 1 _ACEOF +else + as_fn_error $? "OpenSSL version >= 1.1.1 is required for SSL support" "$LINENO" 5 fi done - # Functions introduced in OpenSSL 1.1.0. We used to check for - # OPENSSL_VERSION_NUMBER, but that didn't work with 1.1.0, because LibreSSL - # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it - # doesn't have these OpenSSL 1.1.0 functions. So check for individual - # functions. - for ac_func in OPENSSL_init_ssl + # Function introduced in OpenSSL 1.0.2, not in LibreSSL. + for ac_func in SSL_CTX_set_cert_cb do : - ac_fn_c_check_func "$LINENO" "OPENSSL_init_ssl" "ac_cv_func_OPENSSL_init_ssl" -if test "x$ac_cv_func_OPENSSL_init_ssl" = xyes; then : + ac_fn_c_check_func "$LINENO" "SSL_CTX_set_cert_cb" "ac_cv_func_SSL_CTX_set_cert_cb" +if test "x$ac_cv_func_SSL_CTX_set_cert_cb" = xyes; then : cat >>confdefs.h <<_ACEOF -#define HAVE_OPENSSL_INIT_SSL 1 +#define HAVE_SSL_CTX_SET_CERT_CB 1 _ACEOF -else - as_fn_error $? "OpenSSL version >= 1.1.0 is required for SSL support" "$LINENO" 5 fi done |