Make usage of openSSL optional
stormshield-gt committed Sep 4, 2024
1 parent c5d8aa0 commit 34f6753
Showing 8 changed files with 57 additions and 17 deletions.
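--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,15 @@ for Rust libraries in [RFC #1105](https://github.com/rust-lang/rfcs/blob/master/
 
 ## Unreleased
 
+### Changed
+
+* `openssl` usage can now be disabled with the `bundled_without_openssl` feature of `pq-sys`.
+To deactivate `openssl`, enable it:
+```toml
+[dependencies]
+pq-sys = { version = "0.3.0", features = ["bundled_without_openssl"]}
+```
+
 ## pq-sys [0.6.1] 2024-06-11
 
 ### Changed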
6 changes: 4 additions & 2 deletions Cargo.toml
Expand Up @@ -14,7 +14,7 @@ members = ["pq-src"]
name = "pq_sys"

[dependencies]
pq-src = { path = "pq-src", version = ">=0.2, <0.4", optional = true }
pq-src = { path = "pq-src", version = ">=0.2, <0.4", optional = true , default-features = false }

[build-dependencies]
pkg-config = { version = "0.3.0", optional = true }
Expand All @@ -25,5 +25,7 @@ vcpkg = "0.2.6"

[features]
default = []
bundled = ["pq-src"]
bundled = ["pq-src/with-openssl"]
bundled_without_openssl = ["dep:pq-src"]

buildtime_bindgen = ["dep:bindgen"]
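Review bot: Using `dep:pq-src` in `bundled_without_openssl` removes, as far as I understand Cargo's rules, the implicit `pq-src` feature that the old `bundled = ["pq-src"]` line relied on, so a downstream manifest that enabled `pq-sys/pq-src` directly would stop resolving; if that name was ever used, keep it with `pq-src = ["dep:pq-src"]`. Cargo also unifies features across the dependency graph, so `bundled_without_openssl` only produces a TLS-less libpq when no other crate enables `bundled`. A comment above the feature, for example `# Builds libpq without TLS; has no effect if any crate in the graph enables "bundled"`, would state both the security consequence and that caveat where people choose the feature.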
5 changes: 3 additions & 2 deletions README.md
Expand Up @@ -34,12 +34,13 @@ If pkg-config is being used, it's configuration options will apply.
### Features

* `buildtime_bindgen`: Run `bindgen` at build-time to generate bindings using installed headers. Not compatible with the `bundled` feature.
* `bundled`: Build the bundled version of `libpq` from source.
To use a bundled version of `openssl`, add the `openssl-sys` crate with the `vendored` feature to your crate dependencies:
* `bundled`: Build the bundled version of `libpq` from source. It will look for `openssl` installed on your system.
To use a bundled version of `openssl`, add the `openssl-sys` crate with the vendored feature to your crate dependencies:
```toml
[dependencies]
openssl-sys = { version = "0.9.93", features = ["vendored"] }
```
* `bundled_without_openssl`: Build the bundled version of `libpq` from source without `openssl`. This disables the TLS support in `libpq`, so that you cannot connect to a database requiring TLS anymore.

## FAQ

6 changes: 4 additions & 2 deletions build.rs
Expand Up @@ -80,10 +80,12 @@ impl Display for LinkingOptions {
}

fn main() {
if cfg!(feature = "bundled") && cfg!(feature = "buildtime_bindgen") {
if (cfg!(feature = "bundled") || cfg!(feature = "bundled_without_openssl"))
&& cfg!(feature = "buildtime_bindgen")
{
panic!("Combining the `bundled` and `builtime_bindgen` feature is not supported");
}
if cfg!(feature = "bundled") {
if cfg!(feature = "bundled") || cfg!(feature = "bundled_without_openssl") {
// everything else is handled
// by pq-src
return;
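Review bot: The panic text under the widened condition still names only `bundled` and misspells the other feature as `builtime_bindgen`, so someone who enabled just `bundled_without_openssl` is told about a feature they never set. Reword it to name both, for example "The `bundled` and `bundled_without_openssl` features cannot be combined with `buildtime_bindgen`". The same two-feature test is now written out twice; binding `let bundled = cfg!(any(feature = "bundled", feature = "bundled_without_openssl"));` once and using it in both `if`s keeps the checks from drifting apart. `main` continues past the end of this hunk.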
5 changes: 3 additions & 2 deletions pq-src/Cargo.toml
Expand Up @@ -23,11 +23,12 @@ categories = ["database", "external-ffi-bindings"]
readme = "README.md"

[dependencies]
openssl-sys = "0.9.93"
openssl-sys = { version = "0.9.93", optional = true }

[build-dependencies]
cc = "1.0.83"

[features]
default = []
default = ["with-openssl"]
with-asan = []
with-openssl = ["dep:openssl-sys"]
7 changes: 4 additions & 3 deletions pq-src/additional_include/pg_config.h
Expand Up @@ -11,7 +11,11 @@
#define BLCKSZ 8192

/* Saved arguments from configure */
#if defined USE_OPENSSL
#define CONFIGURE_ARGS " '--with-openssl' '--without-readline'"
#else
#define CONFIGURE_ARGS " '--without-readline'"
#endif

/* Define to the default TCP port number on which the server listens and to
which clients will try to connect. This can be overridden at run-time, but
Expand Down Expand Up @@ -212,9 +216,6 @@
/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1

/* Define to 1 to build with OpenSSL support. (--with-ssl=openssl) */
#define USE_OPENSSL 1

/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
significant byte first (like Motorola and SPARC, unlike Intel). */
#if defined AC_APPLE_UNIVERSAL_BUILD
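Review bot: With `#define USE_OPENSSL 1` removed in the second hunk, nothing in this header says where `USE_OPENSSL` now comes from, and the new `#if defined USE_OPENSSL` around `CONFIGURE_ARGS` reads as if the macro were never set. On this page the only remaining definition is `basic_build.define("USE_OPENSSL", "1")` in pq-src/build.rs. A comment at the removal site, such as `/* USE_OPENSSL is passed on the compiler command line by build.rs when the with-openssl feature is enabled; do not define it here. */`, would stop a later refresh of this file from upstream configure output from hard-wiring it again.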
35 changes: 29 additions & 6 deletions pq-src/build.rs
Expand Up @@ -79,11 +79,16 @@ const LIBCOMMON_BASE: &[&str] = &[
"restricted_token.c",
"sprompt.c",
"logging.c",
];

const LIBCOMMON_OPENSSL: &[&str] = &[
"cryptohash_openssl.c",
"hmac_openssl.c",
"protocol_openssl.c",
];

const LIBCOMMON_NOT_OPENSSL: &[&str] = &["cryptohash.c", "hmac.c", "md5.c", "sha1.c", "sha2.c"];

const LIBCOMMON_NOT_WINDOWS: &[&str] = &[];

const LIBCOMMON_WINDOWS: &[&str] = &["wchar.c"];
Expand All @@ -102,10 +107,10 @@ const LIBPQ_BASE: &[&str] = &[
"legacy-pqsignal.c",
"libpq-events.c",
"pqexpbuffer.c",
"fe-secure-common.c",
"fe-secure-openssl.c",
];

const LIBPQ_OPENSSL: &[&str] = &["fe-secure-common.c", "fe-secure-openssl.c"];

const LIBPQ_NOT_WINDOWS: &[&str] = &[];

const LIBPQ_WINDOWS: &[&str] = &["fe-secure.c", "pthread-win32.c", "win32.c"];
Expand All @@ -120,6 +125,7 @@ fn unimplemented() -> ! {

fn main() {
let target_os = env::var("CARGO_CFG_TARGET_OS").unwrap();
let use_openssl = env::var("CARGO_FEATURE_WITH_OPENSSL").is_ok();

println!("cargo:rerun-if-changed=additional_include");
let crate_dir = env!("CARGO_MANIFEST_DIR");
Expand Down Expand Up @@ -168,10 +174,9 @@ fn main() {
format!("{path}src/include"),
format!("{crate_dir}/additional_include"),
temp_include.clone(),
env::var("DEP_OPENSSL_INCLUDE").unwrap().clone(),
][..];

let includes = if target_os == "windows" {
let mut includes = if target_os == "windows" {
let includes_windows = &[
format!("{path}/src/include/port/win32/"),
format!("{path}/src/include/port/win32_msvc/"),
Expand All @@ -181,6 +186,10 @@ fn main() {
base_includes.to_vec()
};

if use_openssl {
includes.extend_from_slice(&[env::var("DEP_OPENSSL_INCLUDE").unwrap().clone()]);
}

basic_build
.define("FRONTEND", None)
.warnings(false)
Expand Down Expand Up @@ -212,9 +221,23 @@ fn main() {
_ => unimplemented(),
};

let (libcommon, libpq) = if use_openssl {
// Define to 1 to build with OpenSSL support. (--with-ssl=openssl)
basic_build.define("USE_OPENSSL", "1");
(
[LIBCOMMON_BASE, LIBCOMMON_OPENSSL].concat(),
[LIBPQ_BASE, LIBPQ_OPENSSL].concat(),
)
} else {
(
[LIBCOMMON_BASE, LIBCOMMON_NOT_OPENSSL].concat(),
LIBPQ_BASE.to_vec(),
)
};

let libports = LIBPORTS_BASE.iter().chain(libports_os);
let libcommon = LIBCOMMON_BASE.iter().chain(libcommon_os);
let libpq = LIBPQ_BASE.iter().chain(libpq_os);
let libcommon = libcommon.iter().chain(libcommon_os);
let libpq = libpq.iter().chain(libpq_os);

basic_build
.files(
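Review bot: The `else` arm of the new `use_openssl` branch builds a libpq with no TLS and leaves no trace in the build log, so a consumer who reaches pq-src with `default-features = false` may not notice that transport encryption is gone; as far as I know, libpq built this way still accepts the default `sslmode=prefer` and connects in plaintext. A one-line `println!("cargo:warning=pq-src: building libpq without OpenSSL; TLS connections are unavailable");` in that arm would make the downgrade visible. In the include hunk, `env::var("DEP_OPENSSL_INCLUDE").unwrap().clone()` panics without context if openssl-sys did not export the variable, and the `.clone()` is redundant; `includes.push(env::var("DEP_OPENSSL_INCLUDE").expect("openssl-sys did not set DEP_OPENSSL_INCLUDE"));` says the same thing more directly. `main` starts and ends outside these hunks.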
1 change: 1 addition & 0 deletions pq-src/src/lib.rs
@@ -1 +1,2 @@
#[cfg(feature = "with-openssl")]
extern crate openssl_sys;
