Re: OpenSSL 1.1 breaks configure and more

On 09/16/2016 04:11 PM, Christoph Berg wrote:
> Thanks for the patch!
>
> I just tried to apply it to 9.2. There was a conflict in configure.in which was
> trivial to resolve.
>
> Another conflict in contrib/pgcrypto/pgcrypto.c was not applicable
> because the code doesn't seem to exist (didn't try very hard though).
>
> Ignoring the contrib conflict, it still didn't compile:
>
> /home/cbe/projects/postgresql/debian/9.2/build/../src/backend/libpq/be-secure.c: In function ‘secure_write’:
> /home/cbe/projects/postgresql/debian/9.2/build/../src/backend/libpq/be-secure.c:342:17: error: dereferencing pointer
toincomplete type ‘SSL {aka struct ssl_st}’
 
>     if (port->ssl->state != SSL_ST_OK)
>                  ^~
> /home/cbe/projects/postgresql/debian/9.2/build/../src/backend/libpq/be-secure.c:342:28: error: ‘SSL_ST_OK’ undeclared
(firstuse in this function)
 
>     if (port->ssl->state != SSL_ST_OK)
>                             ^~~~~~~~~

This is related to the renegotiation which was first fixed and later 
removed in the 9.4 cycle, but intentionally not backported. It seems 
like OpenSSL refactored the state machine in 1.1 which is why the code 
above breaks.

I am not entirely sure I follow what the old code in 9.3 and 9.2 is 
strying to do and why it messes directly with the state of the statemachine.

Andreas