Re: OpenSSL 1.1 breaks configure and more

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Andreas Karlsson <andreas@proxel.se>
Cc: Heikki Linnakangas <hlinnaka@iki.fi>, Victor Wagner <vitus@wagner.pp.ru>, pgsql-hackers@postgresql.org, Christoph Berg <myon@debian.org>
Date: 2016-09-05T00:23:43Z
Lists: pgsql-hackers
Andreas Karlsson <andreas@proxel.se> writes:
> On 08/30/2016 08:42 AM, Heikki Linnakangas wrote:
>> PS. I just remembered that I've wanted to refactor the pgcrypto calls
>> for symmetric encryption to use the newer EVP API for some time, and
>> even posted a patch for that
>> (https://www.postgresql.org/message-id/561274F1.1030000@iki.fi). I
>> dropped the ball back then, but I think I'll go ahead and do that now,
>> once we get these other OpenSSL changes in.

> Nice!

Judging by the number of people who have popped up recently with their
own OpenSSL 1.1 patches, I think there is going to be a lot of demand for
back-patching some sort of 1.1 support into our back branches.  All this
talk of refactoring does not sound very back-patchable.  Should we be
thinking of what we can extract that is back-patchable?

			regards, tom lane


Commits

  1. Back-patch 9.4-era SSL renegotiation code into 9.3 and 9.2.