Fix build with older OpenSSL versions

Apparently, X509_get_signature_nid() is only in fairly new OpenSSL
versions, so use the lower-level interface it is built on instead.

diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index f75cc2ef18fed699a96d6f8e961708e7782cf74a..8d0256ba079c49567ce99fd8ab052d79cedf4608 100644 (file)
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -1265,7 +1265,7 @@ be_tls_get_certificate_hash(Port *port, size_t *len)
         * Get the signature algorithm of the certificate to determine the
         * hash algorithm to use for the result.
         */
-       if (!OBJ_find_sigid_algs(X509_get_signature_nid(server_cert),
+       if (!OBJ_find_sigid_algs(OBJ_obj2nid(server_cert->sig_alg->algorithm),
                                                         &algo_nid, NULL))
                elog(ERROR, "could not determine server certificate signature algorithm");
 

diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index 52390640bf351ef2cc5943adfa6dd688225f5b84..ac2842cd066f87be0b6c556c455ce37a9a8fb2ad 100644 (file)
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -447,7 +447,7 @@ pgtls_get_peer_certificate_hash(PGconn *conn, size_t *len)
         * Get the signature algorithm of the certificate to determine the hash
         * algorithm to use for the result.
         */
-       if (!OBJ_find_sigid_algs(X509_get_signature_nid(peer_cert),
+       if (!OBJ_find_sigid_algs(OBJ_obj2nid(peer_cert->sig_alg->algorithm),
                                                         &algo_nid, NULL))
        {
                printfPQExpBuffer(&conn->errorMessage,