Re: PostgreSQL12 and older versions of OpenSSL

Victor Wagner <vitus@wagner.pp.ru> writes:
> I'm attaching patch which uses solution mentioned above.
> It seems that chedk for SSL_OP_NO_TLSvX_Y is redundant if 
> we are checking for TLS_MAX_VERSION.

One thing I'm wondering is if it's safe to assume that TLS_MAX_VERSION
will be defined whenever these other symbols are.  Looking in an
0.9.8x install tree, that doesn't seem to define any of them; while
in 1.0.1e I see

./tls1.h:#define TLS1_1_VERSION                 0x0302
./tls1.h:#define TLS1_2_VERSION                 0x0303
./tls1.h:#define TLS_MAX_VERSION                        TLS1_2_VERSION

So the patch seems okay for these two versions, but I have no data about
intermediate OpenSSL versions.

BTW, the spacing in this patch seems rather random.

            regards, tom lane