Raise the minimum supported OpenSSL version to 1.1.1

Commit a70e01d430 retired support for OpenSSL 1.0.2 in order to get rid of the need for manual initialization of the library. This left our API usage compatible with 1.1.0 which was defined as the minimum required version. Also mention that 3.4 is the minimum version required when using LibreSSL. An upcoming commit will introduce support for configuring TLSv1.3 cipher suites which require an API call in OpenSSL 1.1.1 and onwards. In order to support this setting this commit will set v1.1.1 as the new minimum required version. The version-specific call for randomness init added in commit c3333dbc0c is removed as it's no longer needed. Author: Daniel Gustafsson <daniel@yesql.se> Discussion: https://postgr.es/m/909A668B-06AD-47D1-B8EB-A164211AAD16@yesql.se Discussion: https://postgr.es/m/tencent_063F89FA72CCF2E48A0DF5338841988E9809@qq.com
2026-01-05 23:38:41 +03:00 · 2024-10-24 15:20:19 +02:00
parent f81855171f
commit 6c66b7443c
6 changed files with 40 additions and 50 deletions
--- a/meson.build
+++ b/meson.build
@@ -1361,12 +1361,8 @@ if sslopt in ['auto', 'openssl']
      ['CRYPTO_new_ex_data', {'required': true}],
      ['SSL_new', {'required': true}],

-      # Functions introduced in OpenSSL 1.1.0. We used to check for
-      # OPENSSL_VERSION_NUMBER, but that didn't work with 1.1.0, because LibreSSL
-      # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
-      # doesn't have these OpenSSL 1.1.0 functions. So check for individual
-      # functions.
-      ['OPENSSL_init_ssl', {'required': true}],
+      # Functions introduced in OpenSSL 1.1.1.
+      ['SSL_CTX_set_ciphersuites', {'required': true}],

      # Function introduced in OpenSSL 1.0.2, not in LibreSSL.
      ['SSL_CTX_set_cert_cb'],
@@ -1395,7 +1391,7 @@ if sslopt in ['auto', 'openssl']
    if are_openssl_funcs_complete
      cdata.set('USE_OPENSSL', 1,
                description: 'Define to 1 to build with OpenSSL support. (-Dssl=openssl)')
-      cdata.set('OPENSSL_API_COMPAT', '0x10100000L',
+      cdata.set('OPENSSL_API_COMPAT', '0x10101000L',
                description: 'Define to the OpenSSL API version in use. This avoids deprecation warnings from newer OpenSSL versions.')
      ssl_library = 'openssl'
    else