Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?
Peter Eisentraut <peter@eisentraut.org>
From: Peter Eisentraut <peter@eisentraut.org>
To: Daniel Gustafsson <daniel@yesql.se>, Michael Paquier <michael@paquier.xyz>
Cc: Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2024-09-10T08:01:22Z
Lists: pgsql-hackers
Attachments
- 0001-Remove-obsolete-unconstify.patch (text/plain) patch 0001
On 02.09.24 14:26, Daniel Gustafsson wrote: >> On 2 Sep 2024, at 10:03, Daniel Gustafsson <daniel@yesql.se> wrote: >> >>> On 23 Aug 2024, at 01:56, Michael Paquier <michael@paquier.xyz> wrote: >>> >>> On Thu, Aug 22, 2024 at 11:13:15PM +0200, Daniel Gustafsson wrote: >>>> On 22 Aug 2024, at 02:31, Michael Paquier <michael@paquier.xyz> wrote: >>>>> Just do it :) >>>> >>>> That's my plan, I wanted to wait a bit to see if anyone else chimed in with >>>> concerns. >>> >>> Cool, thanks! >> >> Attached is a rebased v15 (only changes are commit-message changes noted by >> Peter upthread) for the sake of archives, and for a green-check run in the >> CFBot. Assuming this builds green I intend to push this. > > And pushed. All BF owners with animals using 1.0.2 have been notified but not > all have been updated (or modified to skip SSL) so there will be some failing. A small follow-up for this: With the current minimum OpenSSL version being 1.1.0, we can remove an unconstify() call; see attached patch. See this OpenSSL commit: <https://github.com/openssl/openssl/commit/8ab31975ba>. The analogous LibreSSL change is here: <https://cvsweb.openbsd.org/src/lib/libcrypto/bio/bss_mem.c?rev=1.17&content-type=text/x-cvsweb-markup>. I don't know if we have a concrete minimum LibreSSL version, but the change is about as old as the OpenSSL change.
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Remove obsolete unconstify()
- 1fb2308e698e 18.0 landed
-
Only perform pg_strong_random init when required
- c3333dbc0c0f 18.0 landed
-
Remove support for OpenSSL older than 1.1.0
- a70e01d4306f 18.0 landed
-
Support SSL_R_VERSION_TOO_LOW when using LibreSSL
- d80f2ce29465 17.0 landed
-
Support disallowing SSL renegotiation when using LibreSSL
- 44e27f0a6d07 17.0 landed
-
Doc: Use past tense for things which happened in the past
- 91d6429fad55 17.0 landed
-
Remove support for OpenSSL 1.0.1
- 8e278b657664 17.0 landed
-
Remove support for OpenSSL 0.9.8 and 1.0.0
- 7b283d0e1d1d 13.0 cited