PostgreSQL Source Code  git master
openssl.h
Go to the documentation of this file.
1 /*-------------------------------------------------------------------------
2  *
3  * openssl.h
4  * OpenSSL supporting functionality shared between frontend and backend
5  *
6  * Portions Copyright (c) 1996-2021, PostgreSQL Global Development Group
7  * Portions Copyright (c) 1994, Regents of the University of California
8  *
9  * IDENTIFICATION
10  * src/include/common/openssl.h
11  *
12  *-------------------------------------------------------------------------
13  */
14 #ifndef COMMON_OPENSSL_H
15 #define COMMON_OPENSSL_H
16 
17 #ifdef USE_OPENSSL
18 #include <openssl/ssl.h>
19 
20 /*
21  * OpenSSL doesn't provide any very nice way to identify the min/max
22  * protocol versions the library supports, so we fake it as best we can.
23  * Note in particular that this doesn't account for restrictions that
24  * might be specified in the installation's openssl.cnf.
25  *
26  * We disable SSLv3 and older in library setup, so TLSv1 is the oldest
27  * protocol version of interest.
28  */
29 #define MIN_OPENSSL_TLS_VERSION "TLSv1"
30 
31 #if defined(TLS1_3_VERSION)
32 #define MAX_OPENSSL_TLS_VERSION "TLSv1.3"
33 #elif defined(TLS1_2_VERSION)
34 #define MAX_OPENSSL_TLS_VERSION "TLSv1.2"
35 #elif defined(TLS1_1_VERSION)
36 #define MAX_OPENSSL_TLS_VERSION "TLSv1.1"
37 #else
38 #define MAX_OPENSSL_TLS_VERSION "TLSv1"
39 #endif
40 
41 /* src/common/protocol_openssl.c */
42 #ifndef SSL_CTX_set_min_proto_version
43 extern int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
44 extern int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
45 #endif
46 
47 #endif /* USE_OPENSSL */
48 
49 #endif /* COMMON_OPENSSL_H */
int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version)
int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version)