Re: OpenSSL 1.1 breaks configure and more
Andreas Karlsson <andreas@proxel.se>
From: Andreas Karlsson <andreas@proxel.se>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Alvaro Herrera <alvherre@2ndquadrant.com>,
Christoph Berg <myon@debian.org>, Heikki Linnakangas <hlinnaka@iki.fi>,
Michael Paquier <michael.paquier@gmail.com>,
Victor Wagner <vitus@wagner.pp.ru>, pgsql-hackers@postgresql.org
Date: 2017-04-16T21:27:10Z
Lists: pgsql-hackers
On 04/16/2017 03:14 AM, Tom Lane wrote: > 1. Back-patch that patch, probably also including the followup adjustments > in 86029b31e and 36a3be654. > > 2. Add #if's to use 31cf1a1a4's coding with OpenSSL >= 1.1, while keeping > the older code for use when built against older OpenSSLs. > > 3. Conditionally disable renegotiation altogether with OpenSSL >= 1.1, > thus adopting 9.5 not 9.4 behavior when using newer OpenSSL. > > [...] > > Thoughts? Given that I cannot recall seeing any complaints about the behavior of 9.4 compared to 9.3 I am leaning towards #1. That way there are fewer different versions of our OpenSSL code. Andreas
Commits
-
Back-patch 9.4-era SSL renegotiation code into 9.3 and 9.2.
- fbfeceb25362 9.3.17 landed
- 58384149bdbd 9.2.21 landed