diff options
| -rw-r--r-- | src/backend/libpq/be-secure-openssl.c | 24 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-secure-openssl.c | 10 |
2 files changed, 23 insertions, 11 deletions
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c index 51836321fbf..8dd4d17c8cf 100644 --- a/src/backend/libpq/be-secure-openssl.c +++ b/src/backend/libpq/be-secure-openssl.c @@ -29,15 +29,6 @@ #include <arpa/inet.h> #endif -#include <openssl/ssl.h> -#include <openssl/conf.h> -#include <openssl/dh.h> -#ifndef OPENSSL_NO_ECDH -#include <openssl/ec.h> -#endif -#include <openssl/x509v3.h> - -#include "common/openssl.h" #include "libpq/libpq.h" #include "miscadmin.h" #include "pgstat.h" @@ -46,6 +37,21 @@ #include "tcop/tcopprot.h" #include "utils/memutils.h" +/* + * These SSL-related #includes must come after all system-provided headers. + * This ensures that OpenSSL can take care of conflicts with Windows' + * <wincrypt.h> by #undef'ing the conflicting macros. (We don't directly + * include <wincrypt.h>, but some other Windows headers do.) + */ +#include "common/openssl.h" +#include <openssl/conf.h> +#include <openssl/dh.h> +#ifndef OPENSSL_NO_ECDH +#include <openssl/ec.h> +#endif +#include <openssl/x509v3.h> + + /* default init hook can be overridden by a shared library */ static void default_openssl_tls_init(SSL_CTX *context, bool isServerStart); openssl_tls_init_hook_typ openssl_tls_init_hook = default_openssl_tls_init; diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c index 3a7cc8f774f..a90d891c6cc 100644 --- a/src/interfaces/libpq/fe-secure-openssl.c +++ b/src/interfaces/libpq/fe-secure-openssl.c @@ -30,7 +30,6 @@ #include "fe-auth.h" #include "fe-secure-common.h" #include "libpq-int.h" -#include "common/openssl.h" #ifdef WIN32 #include "win32.h" @@ -55,13 +54,20 @@ #endif #endif -#include <openssl/ssl.h> +/* + * These SSL-related #includes must come after all system-provided headers. + * This ensures that OpenSSL can take care of conflicts with Windows' + * <wincrypt.h> by #undef'ing the conflicting macros. (We don't directly + * include <wincrypt.h>, but some other Windows headers do.) + */ +#include "common/openssl.h" #include <openssl/conf.h> #ifdef USE_SSL_ENGINE #include <openssl/engine.h> #endif #include <openssl/x509v3.h> + static int verify_cb(int ok, X509_STORE_CTX *ctx); static int openssl_verify_peer_name_matches_certificate_name(PGconn *conn, ASN1_STRING *name, |