Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Michael Paquier <michael@paquier.xyz>
Cc: Peter Eisentraut <peter@eisentraut.org>, Jacob Champion <jacob.champion@enterprisedb.com>, Thomas Munro <thomas.munro@gmail.com>, Postgres hackers <pgsql-hackers@lists.postgresql.org>, mikael.kjellstrom@gmail.com, Tom Lane <tgl@sss.pgh.pa.us>
Date: 2024-05-07T10:36:24Z
Lists: pgsql-hackers

Attachments

> On 7 May 2024, at 01:31, Michael Paquier <michael@paquier.xyz> wrote:
> 
> On Fri, May 03, 2024 at 10:39:15AM +0200, Daniel Gustafsson wrote:
>> They are no-ops when linking against v18, but writing an extension which
>> targets all supported versions of postgres along with their respective
>> supported OpenSSL versions make them still required, or am I missing something?
> 
> Yeah, that depends on how much version you expect your application to
> work on.  Still it seems to me that there's value in mentioning that
> if your application does not care about anything older than OpenSSL 
> 1.1.0, like PG 18 assuming that this patch is merged, then these calls
> are pointless for HEAD.  The routine definitions would be around only
> for the .so compatibility.

Fair enough.  I've taken a stab at documenting that the functions are
deprecated, while at the same time documenting when and how they can be used
(and be useful).  The attached also removes one additional comment in the
testcode which is now obsolete (since removing 1.0.1 support really), and fixes
the spurious whitespace you detected upthread.

--
Daniel Gustafsson

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Remove obsolete unconstify()

  2. Only perform pg_strong_random init when required

  3. Remove support for OpenSSL older than 1.1.0

  4. Support SSL_R_VERSION_TOO_LOW when using LibreSSL

  5. Support disallowing SSL renegotiation when using LibreSSL

  6. Doc: Use past tense for things which happened in the past

  7. Remove support for OpenSSL 1.0.1

  8. Remove support for OpenSSL 0.9.8 and 1.0.0