Move OpenSSL routines for min/max protocol setting to src/common/
Two routines have been added in OpenSSL 1.1.0 to set the protocol bounds
allowed within a given SSL context:
- SSL_CTX_set_min_proto_version
- SSL_CTX_set_max_proto_version
As Postgres supports OpenSSL down to 1.0.1 (as of HEAD), equivalent
replacements exist in the tree, which are only available for the
backend. A follow-up patch is planned to add control of the SSL
protocol bounds for libpq, so move those routines to src/common/ so as
libpq can use them.
Author: Daniel Gustafsson
Discussion: https://postgr.es/m/4F246AE3-A7AE-471E-BD3D-C799D3748E03@yesql.se
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/f7cd5896a69621818189fbdd209fb2e1fc008102
Modified Files
--------------
src/backend/libpq/be-secure-openssl.c | 99 +---------------------------
src/common/Makefile | 4 +-
src/common/protocol_openssl.c | 117 ++++++++++++++++++++++++++++++++++
src/include/common/openssl.h | 28 ++++++++
src/tools/msvc/Mkvcbuild.pm | 1 +
5 files changed, 150 insertions(+), 99 deletions(-)