Fix build with older OpenSSL versions

petere · petere · commit ac3ff8b1d8f9 · 2018-01-04T16:22:06.000-05:00
Apparently, X509_get_signature_nid() is only in fairly new OpenSSL
versions, so use the lower-level interface it is built on instead.
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
@@ -1265,7 +1265,7 @@ be_tls_get_certificate_hash(Port *port, size_t *len)
 	 * Get the signature algorithm of the certificate to determine the
 	 * hash algorithm to use for the result.
 	 */
-	if (!OBJ_find_sigid_algs(X509_get_signature_nid(server_cert),
+	if (!OBJ_find_sigid_algs(OBJ_obj2nid(server_cert->sig_alg->algorithm),
 							 &algo_nid, NULL))
 		elog(ERROR, "could not determine server certificate signature algorithm");
 
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
@@ -447,7 +447,7 @@ pgtls_get_peer_certificate_hash(PGconn *conn, size_t *len)
 	 * Get the signature algorithm of the certificate to determine the hash
 	 * algorithm to use for the result.
 	 */
-	if (!OBJ_find_sigid_algs(X509_get_signature_nid(peer_cert),
+	if (!OBJ_find_sigid_algs(OBJ_obj2nid(peer_cert->sig_alg->algorithm),
 							 &algo_nid, NULL))
 	{
 		printfPQExpBuffer(&conn->errorMessage,

Original file line number	Diff line number	Diff line change
`@@ -447,7 +447,7 @@ pgtls_get_peer_certificate_hash(PGconn conn, size_t len)`
`447`	`447`	`* Get the signature algorithm of the certificate to determine the hash`
`448`	`448`	`* algorithm to use for the result.`
`449`	`449`	`*/`
`450`		`- if (!OBJ_find_sigid_algs(X509_get_signature_nid(peer_cert),`
	`450`	`+ if (!OBJ_find_sigid_algs(OBJ_obj2nid(peer_cert->sig_alg->algorithm),`
`451`	`451`	`&algo_nid, NULL))`
`452`	`452`	`{`
`453`	`453`	`printfPQExpBuffer(&conn->errorMessage,`