Make usage of openSSL optional

CHANGELOG.md

@@ -5,6 +5,15 @@ for Rust libraries in [RFC #1105](https://github.com/rust-lang/rfcs/blob/master/
 
 ## Unreleased
 
+### Changed
+
+* `openssl` usage when compiling `libpq` from source is now gated under a feature flag, which is activated by default.
+  To deactivate `openssl`, disable the default features:
+  ```toml
+  [dependencies]
+  pq-src = { version = "0.3.0", default-features = false }
+  ```
+
 ## pq-sys [0.6.1] 2024-06-11
 
 ### Changed

README.md

@@ -35,6 +35,12 @@ If pkg-config is being used, it's configuration options will apply.
 
 * `buildtime_bindgen`: Run `bindgen` at build-time to generate bindings using installed headers. Not compatible with the `bundled` feature.
 * `bundled`: Build the bundled version of `libpq` from source.
+  Another option to compile `libpq` from source without enabling `openssl` usage is to add the `pq-src` crate with no default features to 
+  your crate dependencies and not using the `bundled` feature of `pq-sys`:
+  ```toml
+  [dependencies]
+  pq-src = { version = "0.3.0", default-features = false }
+  ```
   To use a bundled version of `openssl`, add the `openssl-sys` crate with the `vendored` feature to your crate dependencies:
   ```toml
   [dependencies]

pq-src/Cargo.toml

@@ -23,11 +23,12 @@ categories = ["database", "external-ffi-bindings"]
 readme = "README.md"
 
 [dependencies]
-openssl-sys = "0.9.93"
+openssl-sys = { version = "0.9.93", optional = true}
 
 [build-dependencies]
 cc = "1.0.83"
 
 [features]
-default = []
+default = ["with-openssl"]
 with-asan = []
+with-openssl = ["dep:openssl-sys"]

pq-src/additional_include/pg_config.h

@@ -11,7 +11,11 @@
 #define BLCKSZ 8192
 
 /* Saved arguments from configure */
+#if defined USE_OPENSSL
 #define CONFIGURE_ARGS " '--with-openssl' '--without-readline'"
+#else
+#define CONFIGURE_ARGS " '--without-readline'"
+#endif
 
 /* Define to the default TCP port number on which the server listens and to
    which clients will try to connect. This can be overridden at run-time, but
@@ -212,9 +216,6 @@
 /* Define to 1 if you have the ANSI C header files. */
 #define STDC_HEADERS 1
 
-/* Define to 1 to build with OpenSSL support. (--with-ssl=openssl) */
-#define USE_OPENSSL 1
-
 /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
    significant byte first (like Motorola and SPARC, unlike Intel). */
 #if defined AC_APPLE_UNIVERSAL_BUILD

pq-src/build.rs

@@ -79,11 +79,16 @@ const LIBCOMMON_BASE: &[&str] = &[
     "restricted_token.c",
     "sprompt.c",
     "logging.c",
+];
+
+const LIBCOMMON_OPENSSL: &[&str] = &[
     "cryptohash_openssl.c",
     "hmac_openssl.c",
     "protocol_openssl.c",
 ];
 
+const LIBCOMMON_NOT_OPENSSL: &[&str] = &["cryptohash.c", "hmac.c", "md5.c", "sha1.c", "sha2.c"];
+
 const LIBCOMMON_NOT_WINDOWS: &[&str] = &[];
 
 const LIBCOMMON_WINDOWS: &[&str] = &["wchar.c"];
@@ -102,10 +107,10 @@ const LIBPQ_BASE: &[&str] = &[
     "legacy-pqsignal.c",
     "libpq-events.c",
     "pqexpbuffer.c",
-    "fe-secure-common.c",
-    "fe-secure-openssl.c",
 ];
 
+const LIBPQ_OPENSSL: &[&str] = &["fe-secure-common.c", "fe-secure-openssl.c"];
+
 const LIBPQ_NOT_WINDOWS: &[&str] = &[];
 
 const LIBPQ_WINDOWS: &[&str] = &["fe-secure.c", "pthread-win32.c", "win32.c"];
@@ -120,6 +125,7 @@ fn unimplemented() -> ! {
 
 fn main() {
     let target_os = env::var("CARGO_CFG_TARGET_OS").unwrap();
+    let use_openssl = env::var("CARGO_FEATURE_WITH_OPENSSL").is_ok();
 
     println!("cargo:rerun-if-changed=additional_include");
     let crate_dir = env!("CARGO_MANIFEST_DIR");
@@ -168,10 +174,9 @@ fn main() {
         format!("{path}src/include"),
         format!("{crate_dir}/additional_include"),
         temp_include.clone(),
-        env::var("DEP_OPENSSL_INCLUDE").unwrap().clone(),
     ][..];
 
-    let includes = if target_os == "windows" {
+    let mut includes = if target_os == "windows" {
         let includes_windows = &[
             format!("{path}/src/include/port/win32/"),
             format!("{path}/src/include/port/win32_msvc/"),
@@ -181,6 +186,10 @@ fn main() {
         base_includes.to_vec()
     };
 
+    if use_openssl {
+        includes.extend_from_slice(&[env::var("DEP_OPENSSL_INCLUDE").unwrap().clone()]);
+    }
+
     basic_build
         .define("FRONTEND", None)
         .warnings(false)
@@ -212,9 +221,23 @@ fn main() {
         _ => unimplemented(),
     };
 
+    let (libcommon, libpq) = if use_openssl {
+        // Define to 1 to build with OpenSSL support. (--with-ssl=openssl)
+        basic_build.define("USE_OPENSSL", "1");
+        (
+            [LIBCOMMON_BASE, LIBCOMMON_OPENSSL].concat(),
+            [LIBPQ_BASE, LIBPQ_OPENSSL].concat(),
+        )
+    } else {
+        (
+            [LIBCOMMON_BASE, LIBCOMMON_NOT_OPENSSL].concat(),
+            LIBPQ_BASE.to_vec(),
+        )
+    };
+
     let libports = LIBPORTS_BASE.iter().chain(libports_os);
-    let libcommon = LIBCOMMON_BASE.iter().chain(libcommon_os);
-    let libpq = LIBPQ_BASE.iter().chain(libpq_os);
+    let libcommon = libcommon.iter().chain(libcommon_os);
+    let libpq = libpq.iter().chain(libpq_os);
 
     basic_build
         .files(

pq-src/src/lib.rs

@@ -1 +1,2 @@
+#[cfg(feature = "with-openssl")]
 extern crate openssl_sys;