From 05432519e2c9e90f08c71fc13283863b75559dea Mon Sep 17 00:00:00 2001
From: Mehmet Yilmaz <mehmetyilmaz@microsoft.com>
Date: Fri, 16 May 2025 14:35:36 +0000
Subject: [PATCH] Refactor SSL context creation to use TLS_method for OpenSSL
 1.1.0+ compatibility

---
 src/backend/distributed/utils/enable_ssl.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/backend/distributed/utils/enable_ssl.c b/src/backend/distributed/utils/enable_ssl.c
index c30bee214..4a1c3570e 100644
--- a/src/backend/distributed/utils/enable_ssl.c
+++ b/src/backend/distributed/utils/enable_ssl.c
@@ -255,7 +255,12 @@ CreateCertificatesWhenNeeded()
 	SSL_library_init();
 #endif
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 	sslContext = SSL_CTX_new(TLS_method());
+#else
+	sslContext = SSL_CTX_new(SSLv23_method());
+#endif
+
 	if (!sslContext)
 	{
 		ereport(WARNING, (errmsg("unable to create ssl context, please verify ssl "
@@ -387,8 +392,8 @@ CreateCertificate(EVP_PKEY *privateKey)
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
 
 	/* New mutable accessors (present in 1.1, 3.x). */
-    X509_gmtime_adj(X509_getm_notBefore(certificate), 0);
-    X509_gmtime_adj(X509_getm_notAfter(certificate), 0);
+	X509_gmtime_adj(X509_getm_notBefore(certificate), 0);
+	X509_gmtime_adj(X509_getm_notAfter(certificate), 0);
 #else
 
 	/* Legacy functions kept for 1.0.x compatibility. */