Re: OpenSSL 3.0.0 compatibility

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Michael Paquier <michael@paquier.xyz>, Peter Eisentraut <peter.eisentraut@enterprisedb.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2021-09-25T13:45:29Z
Lists: pgsql-hackers
Daniel Gustafsson <daniel@yesql.se> writes:
>> On 25 Sep 2021, at 12:03, Michael Paquier <michael@paquier.xyz> wrote:
>> As 9.6 will be EOL'd in a couple of weeks, is that really
>> worth the effort though?  It sounds risky to me to introduce an
>> invasive change as that would increase the risk of bugs for existing
>> users.  So my vote would be to just let this one go.

> Agreed, if it's not a simple fix it's unlikely to be worth it.

Yeah, there will be no second chance to get 9.6.last right,
so I'd vote against touching it for this.

			regards, tom lane



Commits

  1. Define OPENSSL_API_COMPAT

  2. Add alternative output for OpenSSL 3 without legacy loaded

  3. Disable OpenSSL EVP digest padding in pgcrypto

  4. pgcrypto: Check for error return of px_cipher_decrypt()

  5. OpenSSL 3.0.0 compatibility in tests

  6. Make ssl certificate for ssl_passphrase_callback test via Makefile

  7. Provide a TLS init hook