Re: OpenSSL 3.0.0 vs old branches

Andrew Dunstan <andrew@dunslane.net>

From: Andrew Dunstan <andrew@dunslane.net>
To: Tom Lane <tgl@sss.pgh.pa.us>, Michael Paquier <michael@paquier.xyz>
Cc: Peter Eisentraut <peter.eisentraut@enterprisedb.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2023-02-08T12:30:32Z
Lists: pgsql-hackers
On 2023-02-07 Tu 23:37, Tom Lane wrote:
> Michael Paquier<michael@paquier.xyz>  writes:
>> On Tue, Feb 07, 2023 at 01:28:26PM -0500, Tom Lane wrote:
>>> I think Peter's misremembering the history, and OpenSSL 3 *is*
>>> supported in these branches.  There could be an argument for
>>> not back-patching f0d2c65f17 on the grounds that pre-1.1.1 is
>>> also supported there.  On the whole though, it seems more useful
>>> today for that test to pass with 3.x than for it to pass with 0.9.8.
>>> And I can't see investing effort to make it do both (but if Peter
>>> wants to, I won't stand in the way).
>> Cutting support for 0.9.8 in oldest branches would be a very risky
>> move, but as you say, if that only involves a failure in the SSL
>> tests while still allowing anything we have to work, fine by me to
>> live with that.
> Question: is anybody around here still testing with 0.9.8 (or 1.0.x)
> at all?  The systems I had that had that version on them are dead.


In the last 30 days, only the following buildfarm animals have reported 
running the ssl checks on the relevant branches:

  crake
  eelpout
  fairywren
  gokiburi
  hachi
  longfin

I don't think any of these runs openssl <= 1.0.x. If we want to preserve 
testability for those very old versions we should actually be doing some 
testing. Or we could just move on and backpatch this as I've suggested. 
I'll be pretty surprised if we get a single complaint.


cheers


andrew

--
Andrew Dunstan
EDB:https://www.enterprisedb.com

Commits

  1. Backpatch OpenSSL 3.0.0 compatibility in tests

  2. OpenSSL 3.0.0 compatibility in tests

  3. Remove support for OpenSSL 0.9.8 and 1.0.0