Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?

Peter Eisentraut <peter@eisentraut.org>

From: Peter Eisentraut <peter@eisentraut.org>
To: Daniel Gustafsson <daniel@yesql.se>, Michael Paquier <michael@paquier.xyz>
Cc: Jacob Champion <jacob.champion@enterprisedb.com>, Thomas Munro <thomas.munro@gmail.com>, Postgres hackers <pgsql-hackers@lists.postgresql.org>, mikael.kjellstrom@gmail.com, Tom Lane <tgl@sss.pgh.pa.us>
Date: 2024-07-11T21:22:50Z
Lists: pgsql-hackers
On 07.05.24 11:36, Daniel Gustafsson wrote:
>> Yeah, that depends on how much version you expect your application to
>> work on.  Still it seems to me that there's value in mentioning that
>> if your application does not care about anything older than OpenSSL
>> 1.1.0, like PG 18 assuming that this patch is merged, then these calls
>> are pointless for HEAD.  The routine definitions would be around only
>> for the .so compatibility.
> 
> Fair enough.  I've taken a stab at documenting that the functions are
> deprecated, while at the same time documenting when and how they can be used
> (and be useful).  The attached also removes one additional comment in the
> testcode which is now obsolete (since removing 1.0.1 support really), and fixes
> the spurious whitespace you detected upthread.

The 0001 patch removes the functions pgtls_init_library() and 
pgtls_init() but keeps the declarations in libpq-int.h.  This should be 
fixed.




Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Remove obsolete unconstify()

  2. Only perform pg_strong_random init when required

  3. Remove support for OpenSSL older than 1.1.0

  4. Support SSL_R_VERSION_TOO_LOW when using LibreSSL

  5. Support disallowing SSL renegotiation when using LibreSSL

  6. Doc: Use past tense for things which happened in the past

  7. Remove support for OpenSSL 1.0.1

  8. Remove support for OpenSSL 0.9.8 and 1.0.0