Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Michael Paquier <michael@paquier.xyz>
Cc: Peter Eisentraut <peter@eisentraut.org>, Jacob Champion <jacob.champion@enterprisedb.com>, Thomas Munro <thomas.munro@gmail.com>, Postgres hackers <pgsql-hackers@lists.postgresql.org>, mikael.kjellstrom@gmail.com, Tom Lane <tgl@sss.pgh.pa.us>
Date: 2024-04-27T18:32:19Z
Lists: pgsql-hackers
> On 25 Apr 2024, at 05:49, Michael Paquier <michael@paquier.xyz> wrote:
> 
> On Wed, Apr 24, 2024 at 01:31:12PM +0200, Daniel Gustafsson wrote:
>> Done.  Attached are the two remaining patches, rebased over HEAD, for removing
>> support for OpenSSL 1.0.2 in v18. Parking them in the commitfest for now.
> 
> You have mentioned once upthread the documentation of PQinitOpenSSL():
>   However, this is unnecessary when using <productname>OpenSSL</productname>
>   version 1.1.0 or later, as duplicate initializations are no longer problematic.
> 
> With 1.0.2's removal in place, this could be simplified more and the
> patch does not touch it.  This relates also to pq_init_crypto_lib,
> which is gone with 0001.  Of course, it is not possible to just remove
> PQinitOpenSSL() or old application may fail linking.  Removing
> pq_init_crypto_lib reduces any confusion around this part of the
> initialization.

That's a good point, there is potential for more code removal here.  The
attached 0001 takes a stab at it while it's fresh in mind, I'll revisit before
the July CF to see if there is more that can be done.

--
Daniel Gustafsson





Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Remove obsolete unconstify()

  2. Only perform pg_strong_random init when required

  3. Remove support for OpenSSL older than 1.1.0

  4. Support SSL_R_VERSION_TOO_LOW when using LibreSSL

  5. Support disallowing SSL renegotiation when using LibreSSL

  6. Doc: Use past tense for things which happened in the past

  7. Remove support for OpenSSL 1.0.1

  8. Remove support for OpenSSL 0.9.8 and 1.0.0