Skip to content

Commit d80f2ce

Browse files
danielgustafssondanielgustafsson
committed
Support SSL_R_VERSION_TOO_LOW when using LibreSSL
The SSL_R_VERSION_TOO_LOW error reason is supported in LibreSSL since LibreSSL 3.6.3, shipped in OpenBSD 7.2. SSL_R_VERSION_TOO_HIGH is on the other hand not supported in any version of LibreSSL. Previously we only checked for SSL_R_VERSION_TOO_HIGH and then applied both under that guard since OpenSSL has only ever supported both at the same time. This breaks the check into one per reason to allow SSL_R_VERSION_TOO_LOW to work when using LibreSSL. Reviewed-by: Peter Eisentraut <peter@eisentraut.org> Reviewed-by: Michael Paquier <michael@paquier.xyz> Discussion: https://postgr.es/m/eac70d46-e61c-4d71-a1e1-78e2bfa19485@eisentraut.org
1 parent 44e27f0 commit d80f2ce

File tree

1 file changed

+2
-0
lines changed

1 file changed

+2
-0
lines changed

src/backend/libpq/be-secure-openssl.c

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -547,6 +547,8 @@ be_tls_open_server(Port *port)
547547
case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION:
548548
#ifdef SSL_R_VERSION_TOO_HIGH
549549
case SSL_R_VERSION_TOO_HIGH:
550+
#endif
551+
#ifdef SSL_R_VERSION_TOO_LOW
550552
case SSL_R_VERSION_TOO_LOW:
551553
#endif
552554
give_proto_hint = true;

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy