Support disallowing SSL renegotiation when using LibreSSL
author Daniel Gustafsson <dgustafsson@postgresql.org>
Wed, 24 Apr 2024 08:54:42 +0000 (10:54 +0200)
committer Daniel Gustafsson <dgustafsson@postgresql.org>
Wed, 24 Apr 2024 08:54:42 +0000 (10:54 +0200)
LibreSSL doesn't support the SSL_OP_NO_RENEGOTIATION macro which is
used by OpenSSL; instead it has invented a similar one for
client-side renegotiation: SSL_OP_NO_CLIENT_RENEGOTIATION. This has
been supported since LibreSSL 2.5.1, which by now can be considered
well below the minimum requirement.

Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Reviewed-by: Michael Paquier <michael@paquier.xyz>
Discussion: https://postgr.es/m/eac70d46-e61c-4d71-a1e1-78e2bfa19485@eisentraut.org

src/backend/libpq/be-secure-openssl.c

index 29c9af1aabfa02cc9aaa1d37d2160c9c3973c87f..55b2cad7459960235efcef7f640f08ac158aab37 100644 (file)
@@ -267,15 +267,20 @@ be_tls_init(bool isServerStart)
    /* disallow SSL compression */
    SSL_CTX_set_options(context, SSL_OP_NO_COMPRESSION);
 
-#ifdef SSL_OP_NO_RENEGOTIATION
-
    /*
-    * Disallow SSL renegotiation, option available since 1.1.0h.  This
-    * concerns only TLSv1.2 and older protocol versions, as TLSv1.3 has no
-    * support for renegotiation.
+    * Disallow SSL renegotiation.  This concerns only TLSv1.2 and older
+    * protocol versions, as TLSv1.3 has no support for renegotiation.
+    * SSL_OP_NO_RENEGOTIATION is available in OpenSSL since 1.1.0h (via a
+    * backport from 1.1.1). SSL_OP_NO_CLIENT_RENEGOTIATION is available in
+    * LibreSSL since 2.5.1 disallowing all client-initiated renegotiation
+    * (this is usually on by default).
     */
+#ifdef SSL_OP_NO_RENEGOTIATION
    SSL_CTX_set_options(context, SSL_OP_NO_RENEGOTIATION);
 #endif
+#ifdef SSL_OP_NO_CLIENT_RENEGOTIATION
+   SSL_CTX_set_options(context, SSL_OP_NO_CLIENT_RENEGOTIATION);
+#endif
 
    /* set up ephemeral DH and ECDH keys */
    if (!initialize_dh(context, isServerStart))
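
Review bot: in the `#ifdef SSL_OP_NO_RENEGOTIATION` / `#ifdef SSL_OP_NO_CLIENT_RENEGOTIATION` pair, a build against a library that defines neither macro still compiles cleanly and leaves renegotiation enabled without any indication; going by the comment, that is any OpenSSL older than 1.1.0h. Consider making that case visible, for example with a branch guarded by `#if !defined(SSL_OP_NO_RENEGOTIATION) && !defined(SSL_OP_NO_CLIENT_RENEGOTIATION)` that documents or logs that renegotiation could not be disabled. Separately, the parenthetical "(this is usually on by default)" in the new comment is ambiguous: it can be read as the option being set by default or as client-initiated renegotiation being enabled by default, so name the subject explicitly. The comment opens with "Disallow SSL renegotiation" while the LibreSSL branch only covers client-initiated renegotiation; saying outright that the two branches differ in scope would help the next reader.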