Update SSL context creation to use TLS_method for improved security and maintain compatibility with OpenSSL 1.1.0+

m3hm3t/pg18_rel_oid_2
Mehmet Yilmaz 2025-05-16 14:09:14 +00:00
parent 3e401a75dc
commit 6e449db893
1 changed files with 5 additions and 5 deletions


@ -255,7 +255,7 @@ CreateCertificatesWhenNeeded()
SSL_library_init(); SSL_library_init();
#endif #endif
sslContext = SSL_CTX_new(SSLv23_method()); sslContext = SSL_CTX_new(TLS_method());
if (!sslContext) if (!sslContext)
{ {
ereport(WARNING, (errmsg("unable to create ssl context, please verify ssl " ereport(WARNING, (errmsg("unable to create ssl context, please verify ssl "
@ -386,12 +386,12 @@ CreateCertificate(EVP_PKEY *privateKey)
*/ */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L #if OPENSSL_VERSION_NUMBER >= 0x10100000L
/* OpenSSL 1.1.0+ */ /* New mutable accessors (present in 1.1, 3.x). */
X509_gmtime_adj(X509_getm_notBefore(certificate), 0); X509_gmtime_adj(X509_getm_notBefore(certificate), 0);
X509_gmtime_adj(X509_getm_notAfter(certificate), 0); X509_gmtime_adj(X509_getm_notAfter(certificate), 0);
#else #else
/* OpenSSL < 1.1.0 */ /* Legacy functions kept for 1.0.x compatibility. */
X509_gmtime_adj(X509_get_notBefore(certificate), 0); X509_gmtime_adj(X509_get_notBefore(certificate), 0);
X509_gmtime_adj(X509_get_notAfter(certificate), 0); X509_gmtime_adj(X509_get_notAfter(certificate), 0);
#endif #endif
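Review bot: The new `SSL_CTX_new(TLS_method())` call in CreateCertificatesWhenNeeded() is not version-guarded, yet the CreateCertificate() hunk still keeps an `#else` branch for OpenSSL 1.0.x, where `TLS_method()` does not exist. Either wrap the call in the same `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` test with `SSLv23_method()` in the `#else`, or drop the 1.0.x branches altogether so the file states one supported baseline. Note also that on 1.1.0+ `SSLv23_method` is already a macro for `TLS_method`, so this swap removes a deprecated name but does not change which protocol versions are negotiated. If a floor is not set elsewhere in this function (its body continues outside the hunk), add `SSL_CTX_set_min_proto_version(sslContext, TLS1_2_VERSION);` after the NULL check and check its return value.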