Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Jacob Champion <jacob.champion@enterprisedb.com>
Cc: Michael Paquier <michael@paquier.xyz>, Tom Lane <tgl@sss.pgh.pa.us>, Thomas Munro <thomas.munro@gmail.com>, Postgres hackers <pgsql-hackers@lists.postgresql.org>, mikael.kjellstrom@gmail.com
Date: 2024-04-05T22:31:57Z
Lists: pgsql-hackers

Attachments

> On 5 Apr 2024, at 22:55, Jacob Champion <jacob.champion@enterprisedb.com> wrote:
> 
> On Fri, Apr 5, 2024 at 9:59 AM Daniel Gustafsson <daniel@yesql.se> wrote:
>> Attached is a WIP patch to get more eyes on it, the Meson test for 1.1.1 fails
>> on Windows in CI which I will investigate next.

The attached version fixes the Windows 1.1.1 check which was missing the
include directory.

> The changes for SSL_OP_NO_CLIENT_RENEGOTIATION and
> SSL_R_VERSION_TOO_LOW look good to me.

Thanks!

>> +++ b/src/include/pg_config.h.in
>> @@ -84,9 +84,6 @@
>> /* Define to 1 if you have the <crtdefs.h> header file. */
>> #undef HAVE_CRTDEFS_H
>> 
>> -/* Define to 1 if you have the `CRYPTO_lock' function. */
>> -#undef HAVE_CRYPTO_LOCK
> 
> An autoreconf run on my machine pulls in more changes (getting rid of
> the symbols we no longer check for).

Ah yes, missed updating before formatting the patch. Done in the attached.

--
Daniel Gustafsson

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Remove obsolete unconstify()

  2. Only perform pg_strong_random init when required

  3. Remove support for OpenSSL older than 1.1.0

  4. Support SSL_R_VERSION_TOO_LOW when using LibreSSL

  5. Support disallowing SSL renegotiation when using LibreSSL

  6. Doc: Use past tense for things which happened in the past

  7. Remove support for OpenSSL 1.0.1

  8. Remove support for OpenSSL 0.9.8 and 1.0.0