Re: OpenSSL 1.1 breaks configure and more
Heikki Linnakangas <hlinnaka@iki.fi>
From: Heikki Linnakangas <hlinnaka@iki.fi>
To: Christoph Berg <myon@debian.org>,
Michael Paquier <michael.paquier@gmail.com>,
Andreas Karlsson <andreas@proxel.se>, Victor Wagner <vitus@wagner.pp.ru>,
pgsql-hackers@postgresql.org, Tom Lane <tgl@sss.pgh.pa.us>
Date: 2016-09-15T20:00:29Z
Lists: pgsql-hackers
On 09/15/2016 05:33 PM, Christoph Berg wrote: > Re: Michael Paquier 2016-09-15 <CAB7nPqQu1GpMzkB4S6XO0_+1cAUx==RDVF70vCmDytuA=nCHiQ@mail.gmail.com> >> On Thu, Sep 15, 2016 at 8:57 PM, Heikki Linnakangas <hlinnaka@iki.fi> wrote: >>> I backpatched this to 9.5, but not further than that. The functions this >>> modified were moved around in 9.5, so the patch wouldn't apply as is. It >>> wouldn't be difficult to back-patch further if there's demand, but I'm not >>> eager to do that until someone complains. >> >> Not going older than 9.5 may be fine: >> https://www.openssl.org/blog/blog/2014/12/23/the-new-release-strategy/ >> https://wiki.freebsd.org/OpenSSL >> As far as I can see 1.0.2 would be supported until Dec 2019, so that >> would just overlap with 9.4's EOL. > > I'm afraid it's not that easy - Debian 9 (stretch) will release at the > beginning of next year, and apt.postgresql.org will want to build > 9.2/9.3/9.4 for that distribution. I guess yum.postgresql.org will > have the same problem with the next Fedora release. Can you elaborate? Are you saying that Debian 9 (strect) will not ship OpenSSL 1.0.2 anymore, and will require using OpenSSL 1.1.0? - Heikki
Commits
-
Back-patch 9.4-era SSL renegotiation code into 9.3 and 9.2.
- fbfeceb25362 9.3.17 landed
- 58384149bdbd 9.2.21 landed