Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Michael Paquier <michael@paquier.xyz>
Cc: Peter Eisentraut <peter@eisentraut.org>, Jacob Champion <jacob.champion@enterprisedb.com>, Thomas Munro <thomas.munro@gmail.com>, Postgres hackers <pgsql-hackers@lists.postgresql.org>, mikael.kjellstrom@gmail.com, Tom Lane <tgl@sss.pgh.pa.us>
Date: 2024-05-03T08:39:15Z
Lists: pgsql-hackers
> On 1 May 2024, at 06:21, Michael Paquier <michael@paquier.xyz> wrote:

> My remark was originally about pq_init_crypto_lib that does the
> locking initialization, and your new patch a bit more, as of:
> 
> ...
> 
> So +1 to remove all this code after a closer lookup.

Thanks for review.

>  I would
> recommend to update the documentation of PQinitSSL and PQinitOpenSSL
> to tell that these become useless and are deprecated.

They are no-ops when linking against v18, but writing an extension which
targets all supported versions of postgres along with their respective
supported OpenSSL versions make them still required, or am I missing something?

>    ERR_clear_error();
> -
> #ifdef USE_RESOWNER_FOR_HMAC
> 
> Some noise diff.

Will fix with a new rebase when once the tree has settled down from the
post-freeze fixups in this area.

--
Daniel Gustafsson




Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Remove obsolete unconstify()

  2. Only perform pg_strong_random init when required

  3. Remove support for OpenSSL older than 1.1.0

  4. Support SSL_R_VERSION_TOO_LOW when using LibreSSL

  5. Support disallowing SSL renegotiation when using LibreSSL

  6. Doc: Use past tense for things which happened in the past

  7. Remove support for OpenSSL 1.0.1

  8. Remove support for OpenSSL 0.9.8 and 1.0.0