Support SSL_R_VERSION_TOO_LOW when using LibreSSL
author Daniel Gustafsson
Wed, 24 Apr 2024 08:54:50 +0000 (10:54 +0200)
committer Daniel Gustafsson
Wed, 24 Apr 2024 08:54:50 +0000 (10:54 +0200)
The SSL_R_VERSION_TOO_LOW error reason is supported in LibreSSL since
LibreSSL 3.6.3, shipped in OpenBSD 7.2.  SSL_R_VERSION_TOO_HIGH is on
the other hand not supported in any version of LibreSSL.  Previously
we only checked for SSL_R_VERSION_TOO_HIGH and then applied both under
that guard since OpenSSL has only ever supported both at the same time.
This breaks the check into one per reason to allow SSL_R_VERSION_TOO_LOW
to work when using LibreSSL.

Reviewed-by: Peter Eisentraut
Reviewed-by: Michael Paquier
Discussion: https://postgr.es/m/eac70d46-e61c-4d71-a1e1-78e2bfa19485@eisentraut.org

src/backend/libpq/be-secure-openssl.c

index 55b2cad7459960235efcef7f640f08ac158aab37..fc46a33539497a533866f3fbc2f03916ad4c1273 100644 (file)
@@ -547,6 +547,8 @@ aloop:
                    case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION:
 #ifdef SSL_R_VERSION_TOO_HIGH
                    case SSL_R_VERSION_TOO_HIGH:
+#endif
+#ifdef SSL_R_VERSION_TOO_LOW
                    case SSL_R_VERSION_TOO_LOW:
 #endif
                        give_proto_hint = true;
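
Review bot: the split guards around `case SSL_R_VERSION_TOO_HIGH:` and `case SSL_R_VERSION_TOO_LOW:` have no in-code comment explaining why they are separate, so the reason (LibreSSL defines only SSL_R_VERSION_TOO_LOW, OpenSSL defines both) lives only in the commit message. Two adjacent `#ifdef` blocks that fall through to the same `give_proto_hint = true;` look like a candidate for being merged back into one guard in a later cleanup, which would silently drop the protocol-version hint on LibreSSL builds again. A short comment above the first `#ifdef` noting that the two reason codes are not always defined together would make the intent durable.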