author | Tom Lane | 2021-11-06 16:43:18 +0000 |
---|---|---|
committer | Tom Lane | 2021-11-06 16:43:18 +0000 |
commit | 1241fcbd7e649414f09f9858ba73e63975dcff64 (patch) | |
tree | 3951e029303c5125a74a0ddc99b58f52cc2627a1 | |
parent | 05e6e78c1840d07154a4b52092178a2d1ad39445 (diff) |
Second attempt to silence SSL compile failures on hamerkop.
After further investigation, it seems the cause of the problem
is our recent decision to start defining WIN32_LEAN_AND_MEAN.
That causes <windows.h> to no longer include <wincrypt.h>, which
means that the OpenSSL headers are unable to prevent conflicts
with that header by #undef'ing the conflicting macros. Apparently,
some other system header that be-secure-openssl.c #includes after
the OpenSSL headers is pulling in <wincrypt.h>. It's obscure just
where that happens and why we're not seeing it on other Windows
buildfarm animals. However, it should work to move the OpenSSL
#includes to the end of the list. For the sake of future-proofing,
do likewise in fe-secure-openssl.c. In passing, remove useless
double inclusions of <openssl/ssl.h>.
Thanks to Thomas Munro for running down the relevant information.
Discussion: https://postgr.es/m/[email protected]
-rw-r--r-- | src/backend/libpq/be-secure-openssl.c | 24 | ||||
-rw-r--r-- | src/interfaces/libpq/fe-secure-openssl.c | 10 |
2 files changed, 23 insertions, 11 deletions
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index 51836321fb..8dd4d17c8c 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -29,15 +29,6 @@
 #include <arpa/inet.h>
 #endif
-#include <openssl/ssl.h>
-#include <openssl/conf.h>
-#include <openssl/dh.h>
-#ifndef OPENSSL_NO_ECDH
-#include <openssl/ec.h>
-#endif
-#include <openssl/x509v3.h>
-
-#include "common/openssl.h"
 #include "libpq/libpq.h"
 #include "miscadmin.h"
 #include "pgstat.h"
@@ -46,6 +37,21 @@
 #include "tcop/tcopprot.h"
 #include "utils/memutils.h"
+/*
+ * These SSL-related #includes must come after all system-provided headers.
+ * This ensures that OpenSSL can take care of conflicts with Windows'
+ * <wincrypt.h> by #undef'ing the conflicting macros. (We don't directly
+ * include <wincrypt.h>, but some other Windows headers do.)
+ */
+#include "common/openssl.h"
+#include <openssl/conf.h>
+#include <openssl/dh.h>
+#ifndef OPENSSL_NO_ECDH
+#include <openssl/ec.h>
+#endif
+#include <openssl/x509v3.h>
+
+
 /* default init hook can be overridden by a shared library */
 static void default_openssl_tls_init(SSL_CTX *context, bool isServerStart);
 openssl_tls_init_hook_typ openssl_tls_init_hook = default_openssl_tls_init;
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index 3a7cc8f774..a90d891c6c 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -30,7 +30,6 @@
 #include "fe-auth.h"
 #include "fe-secure-common.h"
 #include "libpq-int.h"
-#include "common/openssl.h"
 #ifdef WIN32
 #include "win32.h"
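Review bot: The comment added in the second be-secure-openssl.c hunk (@@ -46,6 +37,21 @@) states the rule as "after all system-provided headers", but the block is actually placed after the project headers as well (it follows `utils/memutils.h`), and that stronger placement looks like what the fix relies on, since the commit message says it is unclear which header pulls in <wincrypt.h>. I would word the first sentence as `These SSL-related #includes must come last, after all system headers and after any of our own headers that may include them.` so that an include added below the block, or an include-sorting cleanup, is recognised as breaking the rule. Nothing visible here enforces the order at build time, so the comment is the only guard. The identical comment in the last fe-secure-openssl.c hunk (@@ -55,13 +54,20 @@) would take the same wording.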
@@ -55,13 +54,20 @@
 #endif
 #endif
-#include <openssl/ssl.h>
+/*
+ * These SSL-related #includes must come after all system-provided headers.
+ * This ensures that OpenSSL can take care of conflicts with Windows'
+ * <wincrypt.h> by #undef'ing the conflicting macros. (We don't directly
+ * include <wincrypt.h>, but some other Windows headers do.)
+ */
+#include "common/openssl.h"
 #include <openssl/conf.h>
 #ifdef USE_SSL_ENGINE
 #include <openssl/engine.h>
 #endif
 #include <openssl/x509v3.h>
+
 static int verify_cb(int ok, X509_STORE_CTX *ctx);
 static int openssl_verify_peer_name_matches_certificate_name(PGconn *conn, ASN1_STRING *name, |
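Review bot: With `#include <openssl/ssl.h>` dropped in this hunk, fe-secure-openssl.c no longer names the header that declares the SSL types it uses; it now depends on `common/openssl.h` providing it, which the commit message implies but this page does not show. A trailing comment would record that dependency for the next person who trims includes, for example `#include "common/openssl.h"	/* also pulls in <openssl/ssl.h> */`, assuming that is how the header is provided. The first be-secure-openssl.c hunk makes the same removal, and `SSL_CTX` is used immediately after the relocated block there, so the same comment applies to both files.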