Re: OpenSSL 3.0.0 compatibility

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Jelte Fennema <postgres@jeltef.nl>
Cc: Peter Eisentraut <peter.eisentraut@enterprisedb.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>, Tom Lane <tgl@sss.pgh.pa.us>, Michael Paquier <michael@paquier.xyz>
Date: 2022-06-29T09:25:59Z
Lists: pgsql-hackers
> On 29 Jun 2022, at 11:02, Jelte Fennema <postgres@jeltef.nl> wrote:
> 
> On Wed, 29 Jun 2022 at 10:55, Daniel Gustafsson <daniel@yesql.se> wrote:
>> These have now been pushed to 14 through to 10 ahead of next week releases
> 
> I upgraded my OS to Ubuntu 22.04 and it seems that "Define
> OPENSSL_API_COMPAT" commit was never backported
> (4d3db13621be64fbac2faf7c01c4879d20885c1b). I now get various
> deprecation warnings when compiling PG13 on Ubuntu 22.04, because of
> OpenSSL 3.0. Was this simply forgotten, or is there a reason why it
> wasn't backported?

See upthread in ef5c7896-20cb-843f-e91e-0ee5f7fd932e@enterprisedb.com, below is
the relevant portion:

>> 13 and older will, when compiled against OpenSSL 3.0.0, produce a fair amount
>> of compiler warnings on usage of depreceted functionality but there is really
>> anything we can do as suppressing that is beyond the scope of a backpatchable
>> fix IMHO.
> 
> Right, that's just a matter of adjusting the compiler warnings.
> 
> Earlier in this thread, I had suggested backpatching the OPENSSL_API_COMPAT definition to PG13, but now I'm thinking I wouldn't bother, since that still wouldn't help with anything older.

--
Daniel Gustafsson		https://vmware.com/




Commits

  1. Define OPENSSL_API_COMPAT

  2. Add alternative output for OpenSSL 3 without legacy loaded

  3. Disable OpenSSL EVP digest padding in pgcrypto

  4. pgcrypto: Check for error return of px_cipher_decrypt()

  5. OpenSSL 3.0.0 compatibility in tests

  6. Make ssl certificate for ssl_passphrase_callback test via Makefile

  7. Provide a TLS init hook