Re: OpenSSL 3.0.0 compatibility

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Tom Lane <tgl@sss.pgh.pa.us>, Peter Eisentraut <peter.eisentraut@enterprisedb.com>
Cc: Michael Paquier <michael@paquier.xyz>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2021-08-06T19:14:15Z
Lists: pgsql-hackers
> On 6 Aug 2021, at 21:01, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> 
> Peter Eisentraut <peter.eisentraut@enterprisedb.com> writes:
>> Are you going to commit these?

Absolutely, a combination of unplanned home renovations and vacations changed
my plans a bit recently.

> Note that with release wraps scheduled for Monday, we are probably
> already past the time when it'd be wise to push anything that has
> a significant chance of introducing portability issues.  There's
> just not much time to deal with it if the buildfarm shows problems.
> So unless you intend this as HEAD-only, I'd counsel waiting for the
> release window to pass.

Until there is an animal running OpenSSL 3.0.0 in the buildfarm I think this
should be HEAD only.  Further down the line we need to support OpenSSL 3 in all
backbranches IMO since they are all equally likely to be compiled against it,
but not until we can regularly test against it in the farm.

--
Daniel Gustafsson		https://vmware.com/




Commits

  1. Define OPENSSL_API_COMPAT

  2. Add alternative output for OpenSSL 3 without legacy loaded

  3. Disable OpenSSL EVP digest padding in pgcrypto

  4. pgcrypto: Check for error return of px_cipher_decrypt()

  5. OpenSSL 3.0.0 compatibility in tests

  6. Make ssl certificate for ssl_passphrase_callback test via Makefile

  7. Provide a TLS init hook