<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Sep 11, 2017 at 12:05 PM, Tatsuo Ishii <span dir="ltr"><<a href="mailto:ishii@sraoss.co.jp" target="_blank">ishii@sraoss.co.jp</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I have tested the patch on a Fedora 26 box and confirmed it works.<br>
<br>
$ openssl version<br>
OpenSSL 1.1.0f-fips 25 May 2017<br>
<br>
$ psql -h localhost -p 11000 test<br>
psql (9.6.3)<br>
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)<br>
<br>
It also works on an Ubuntu 16 box, which still uses OpenSSL 1.0.<br>
<br>
$ openssl version<br>
OpenSSL 1.0.2g 1 Mar 2016<br>
<br>
$ psql -p 11000 -h localhost test<br>
psql (9.6.5)<br>
SSL connection (protocol: TLSv1.2, cipher: AES256-GCM-SHA384, bits: 256, compression: off)<br>
<br>
Currently the patch is pushed to master, 3.6 stable and 3.5 stable<br>
branches. For 3.4 and 3.3, it's not straightforward because of the<br>
watchdog changes.<br>
<br>
Usama,<br>
<br>
Can you please take care of 3.4 and 3.3 branches?<br>
(3.2 is not needed because it's EOL).<br></blockquote><div><br></div><div>Sure I will do that.</div><div><br></div><div>Thanks</div><div>Best regards</div><div>Muhammad Usama</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<span class="im HOEnZb"><br>
Best regards,<br>
--<br>
Tatsuo Ishii<br>
SRA OSS, Inc. Japan<br>
English: <a href="http://www.sraoss.co.jp/index_en.php" rel="noreferrer" target="_blank">http://www.sraoss.co.jp/index_<wbr>en.php</a><br>
Japanese:<a href="http://www.sraoss.co.jp" rel="noreferrer" target="_blank">http://www.sraoss.co.<wbr>jp</a><br>
<br>
</span><div class="HOEnZb"><div class="h5">> Hi Ishii-San<br>
><br>
> I don't have the proper setup with openssl 1.1 at the moment so couldn't<br>
> test the changes.<br>
> But I have made the required changes as per the changelog of openssl 1.1.<br>
> Can you please check the attached patch if it works.<br>
><br>
> Please note that the patch is generated over your patch.<br>
><br>
><br>
> Thanks<br>
> Best Regards<br>
> Muhammad Usama<br>
><br>
> On Fri, Jul 28, 2017 at 11:55 AM, Muhammad Usama <<a href="mailto:m.usama@gmail.com">m.usama@gmail.com</a>> wrote:<br>
><br>
>> Hi Ishii-San,<br>
>><br>
>> Apparently HMAC_CTX_init and HMAC_CTX_cleanup are also removed from the new<br>
>> openssl API. I am looking into the replacements for these functions and will<br>
>> update on this thread.<br>
>><br>
>> Thanks<br>
>> Best Regards<br>
>> Muhammad Usama<br>
>><br>
>> On Fri, Jul 28, 2017 at 7:29 AM, Tatsuo Ishii <<a href="mailto:ishii@sraoss.co.jp">ishii@sraoss.co.jp</a>> wrote:<br>
>><br>
>>> Hi Usama,<br>
>>><br>
>>> While working on $subject, I get compile errors while compiling<br>
>>> watchdog:<br>
>>><br>
>>> make[2]: Entering directory '/home/t-ishii/src/pgpool2/<wbr>src/watchdog'<br>
>>> depbase=`echo wd_utils.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;<wbr>\<br>
>>> gcc -DHAVE_CONFIG_H -I. -I../../src/include -D_GNU_SOURCE -I<br>
>>> /usr/include -g -O2 -Wall -Wmissing-prototypes -Wmissing-declarations<br>
>>> -fno-strict-aliasing -MT wd_utils.o -MD -MP -MF $depbase.Tpo -c -o<br>
>>> wd_utils.o wd_utils.c &&\<br>
>>> mv -f $depbase.Tpo $depbase.Po<br>
>>> wd_utils.c: In function 'calculate_hmac_sha256':<br>
>>> wd_utils.c:157:11: error: storage size of 'ctx' isn't known<br>
>>> HMAC_CTX ctx;<br>
>>> ^~~<br>
>>> wd_utils.c:158:2: warning: implicit declaration of function<br>
>>> 'HMAC_CTX_init'; did you mean 'HMAC_CTX_new'? [-Wimplicit-function-declaration]<br>
>>> HMAC_CTX_init(&ctx);<br>
>>> ^~~~~~~~~~~~~<br>
>>> HMAC_CTX_new<br>
>>> wd_utils.c:162:2: warning: implicit declaration of function<br>
>>> 'HMAC_CTX_cleanup'; did you mean 'HMAC_CTX_get_md'?<br>
>>> [-Wimplicit-function-<wbr>declaration]<br>
>>> HMAC_CTX_cleanup(&ctx);<br>
>>> ^~~~~~~~~~~~~~~~<br>
>>> HMAC_CTX_get_md<br>
>>> wd_utils.c:157:11: warning: unused variable 'ctx' [-Wunused-variable]<br>
>>> HMAC_CTX ctx;<br>
>>> ^~~<br>
>>> make[2]: *** [Makefile:400: wd_utils.o] Error 1<br>
>>><br>
>>> Any idea how to fix them?<br>
>>><br>
>>> This is Fedora 26. Attached is the patch I'm working on.<br>
>>><br>
>>> Best regards,<br>
>>> --<br>
>>> Tatsuo Ishii<br>
>>> SRA OSS, Inc. Japan<br>
>>> English: <a href="http://www.sraoss.co.jp/index_en.php" rel="noreferrer" target="_blank">http://www.sraoss.co.jp/index_<wbr>en.php</a><br>
>>> Japanese:<a href="http://www.sraoss.co.jp" rel="noreferrer" target="_blank">http://www.sraoss.co.<wbr>jp</a><br>
>>><br>
>>> diff --git a/<a href="http://configure.ac" rel="noreferrer" target="_blank">configure.ac</a> b/<a href="http://configure.ac" rel="noreferrer" target="_blank">configure.ac</a><br>
>>> index 38c8611..1b7fb4a 100644<br>
>>> --- a/<a href="http://configure.ac" rel="noreferrer" target="_blank">configure.ac</a><br>
>>> +++ b/<a href="http://configure.ac" rel="noreferrer" target="_blank">configure.ac</a><br>
>>> @@ -325,7 +325,7 @@ if test "$with_openssl" = yes || test "$with_openssl"<br>
>>> = auto; then<br>
>>> ])<br>
>>><br>
>>> AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [], [AC_MSG_ERROR([library<br>
>>> 'crypto' is required for OpenSSL])])<br>
>>> - AC_CHECK_LIB(ssl, SSL_library_init, [], [AC_MSG_ERROR([library<br>
>>> 'ssl' is required for OpenSSL])])<br>
>>> + AC_CHECK_LIB(ssl, SSL_new, [], [AC_MSG_ERROR([library 'ssl' is<br>
>>> required for OpenSSL])])<br>
>>> fi<br>
>>><br>
>>> AC_ARG_WITH(pam,<br>
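Review bot: The new AC_CHECK_LIB(ssl, SSL_new, ...) line has no comment explaining why SSL_new replaced SSL_library_init as the probe symbol. In OpenSSL 1.1 SSL_library_init is a macro rather than an exported function, so a link test against it fails; a short dnl comment above the check recording that would stop a later cleanup from reverting the probe.<br>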
>>> diff --git a/src/main/main.c b/src/main/main.c<br>
>>> index 9dd0cc3..f33eec5 100644<br>
>>> --- a/src/main/main.c<br>
>>> +++ b/src/main/main.c<br>
>>> @@ -5,7 +5,7 @@<br>
>>> * pgpool: a language independent connection pool server for PostgreSQL<br>
>>> * written by Tatsuo Ishii<br>
>>> *<br>
>>> - * Copyright (c) 2003-2016 PgPool Global Development Group<br>
>>> + * Copyright (c) 2003-2017 PgPool Global Development Group<br>
>>> *<br>
>>> * Permission to use, copy, modify, and distribute this software and<br>
>>> * its documentation for any purpose and without fee is hereby<br>
>>> @@ -185,7 +185,11 @@ int main(int argc, char **argv)<br>
>>> }<br>
>>> #ifdef USE_SSL<br>
>>> /* global ssl init */<br>
>>> +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)<br>
>>> + OPENSSL_init_ssl(0, NULL);<br>
>>> +#else<br>
>>> SSL_library_init();<br>
>>> +#endif<br>
>>> SSL_load_error_strings();<br>
>>> #endif /* USE_SSL */<br>
>>><br>
>>><br>
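Review bot: The return value of OPENSSL_init_ssl(0, NULL) on the added line in main() is ignored. It returns 1 on success and 0 on failure, so a failed library initialisation would go unnoticed until the first TLS operation; check the result and report an error at startup. SSL_load_error_strings() after the #endif is also redundant on the 1.1 branch, where OPENSSL_init_ssl already loads the error strings, and could move into the #else.<br>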
>>> ______________________________<wbr>_________________<br>
>>> pgpool-hackers mailing list<br>
>>> <a href="mailto:pgpool-hackers@pgpool.net">pgpool-hackers@pgpool.net</a><br>
>>> <a href="http://www.pgpool.net/mailman/listinfo/pgpool-hackers" rel="noreferrer" target="_blank">http://www.pgpool.net/mailman/<wbr>listinfo/pgpool-hackers</a><br>
>>><br>
>>><br>
>><br>
</div></div></blockquote></div><br></div></div>