Re: Update minimum SSL version
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Magnus Hagander <magnus@hagander.net>, Daniel Gustafsson <daniel@yesql.se>, Peter Eisentraut <peter.eisentraut@2ndquadrant.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-11-30T02:43:45Z
Lists: pgsql-hackers
On Fri, Nov 29, 2019 at 10:30:47AM -0500, Tom Lane wrote: > What's the impact going to be on buildfarm members with older openssl > installations? Perhaps "none", if they aren't running the ssl test > suite, but we should be clear about it. The buildfarm logs don't directly report the version of OpenSSL used as far as I recalled, and a quick lookup shows that.. Anyway, I recall that all Windows buildfarm members linking to OpenSSL use at least 1.0.2 on HEAD. For the others, I would be ready to suspect that some of them are still using 0.9.8 and 1.0.0. Anyway, as we still support OpenSSL down to 0.9.8 on HEAD, shouldn't we just patch the SSL TAP tests to make sure that we don't enforce an incorrect minimum version at configuration time? [... thinks more ...] Actually, no, what I am writing here is incorrect. We should make sure of that the default configuration is correct at initdb time, and the patch does not do that. -- Michael
Commits
-
Fix handling of OpenSSL's SSL_clear_options
- 7ad544fd8e45 11.7 landed
- 902276ff1309 12.2 landed
- 7d0bcb047717 13.0 landed
-
Remove configure check for OpenSSL's SSL_get_current_compression()
- 28f4bba66b57 13.0 landed
-
Update minimum SSL version
- b1abfec82547 13.0 landed