Re: Replace current implementations in crypt() and gen_salt() to OpenSSL

Joe Conway <mail@joeconway.com>

From: Joe Conway <mail@joeconway.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Daniel Gustafsson <daniel@yesql.se>, Peter Eisentraut <peter@eisentraut.org>, "Koshi Shibagaki (Fujitsu)" <shibagaki.koshi@fujitsu.com>, "pgsql-hackers@lists.postgresql.org" <pgsql-hackers@lists.postgresql.org>
Date: 2024-11-21T19:06:11Z
Lists: pgsql-hackers
On 11/19/24 18:12, Robert Haas wrote:
> On Tue, Nov 19, 2024 at 12:30 PM Joe Conway <mail@joeconway.com> wrote:
>> Any other opinions out there?
> 
> Why should we accept your patch (which adds a legacy_crypto_enabled
> GUC) instead of adopting the approach originally proposed (i.e. use
> the OpenSSL version of the functions)?


Because that idea was rejected earlier in the thread by multiple people 
other than me?

   ¯\_(ツ)_/¯


-- 
Joe Conway
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com



Commits

  1. pgcrypto: Make it possible to disable built-in crypto

  2. pgcrypto: Add function to check FIPS mode

  3. citext: Allow tests to pass in OpenSSL FIPS mode

  4. pgcrypto: Remove non-OpenSSL support