Commit
316472146 introduced support for ECDH key exchange with an ifdef
guard to ensure support in the underlying OpenSSL installation. Commit
10bf4fc2c3 in OpenSSL removed this guard in 2015 which effectively made
our check a no-op. There has been no complaints that this doesn't work
and OpenSSL installations without ECDH support are likely very rare, so
remove the checks rather than re-implementing support. Not backpatched
since this fix doesn't alter functionality.
Also fix a typo introduced in the original commit which had survived
till this day.
Author: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>
Reviewed-by: Jacob Champion <jacob.champion@enterprisedb.com>
Discussion: https://postgr.es/m/
1787BA9F-A11C-4A7A-9252-
94C470D5CBE3@yesql.se
#include <openssl/bn.h>
#include <openssl/conf.h>
#include <openssl/dh.h>
-#ifndef OPENSSL_NO_ECDH
#include <openssl/ec.h>
-#endif
#include <openssl/x509v3.h>
/*
static bool
initialize_ecdh(SSL_CTX *context, bool isServerStart)
{
-#ifndef OPENSSL_NO_ECDH
if (SSL_CTX_set1_groups_list(context, SSLECDHCurve) != 1)
{
/*
errhint("Ensure that each group name is spelled correctly and supported by the installed version of OpenSSL."));
return false;
}
-#endif
return true;
}
char *SSLCipherSuites = NULL;
char *SSLCipherList = NULL;
-/* GUC variable for default ECHD curve. */
+/* GUC variable for default ECDH curve. */
char *SSLECDHCurve;
/* GUC variable: if false, prefer client ciphers */
projects / thirdparty / postgresql.git / commitdiff
