Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?

Robins Tharakan <tharakan@gmail.com>

From: Robins Tharakan <tharakan@gmail.com>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Jacob Champion <jacob.champion@enterprisedb.com>, Thomas Munro <thomas.munro@gmail.com>, Michael Paquier <michael@paquier.xyz>, Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2024-12-17T02:54:49Z
Lists: pgsql-hackers
Hi,

On Thu, 4 Apr 2024 at 05:42, Daniel Gustafsson <daniel@yesql.se> wrote:

>
> massasauga and snakefly run the ssl_passphrase_callback-check test but
> none of
> these run the ssl-check tests AFAICT, so we have very low coverage as is.
> The
> fact that very few animals run the ssl tests is a pet peeve of mine, it
> would
> be nice if we could get broader coverage there.
>


I am quite late to this discussion, but I am unable to get snakefly up and
running,
i.e. I see that all versions failed today (most on
ssl_passphrase_callback-check
test [2], but v15/v16 on sslCheck [1] too)

This machine has OpenSSL v1.0.2k so I am not expecting it to work on v17+,
but I was assuming at least the older versions should still be working.
Also despite
adding --without-openssl the older versions still fail [2].

Is upgrading OpenSSL the only way to get snakefly back to green?

Reference:
1.
https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=snakefly&dt=2024-12-16%2014%3A04%3A25
2.
https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=snakefly&dt=2024-12-16%2014%3A01%3A21

-
robins

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Remove obsolete unconstify()

  2. Only perform pg_strong_random init when required

  3. Remove support for OpenSSL older than 1.1.0

  4. Support SSL_R_VERSION_TOO_LOW when using LibreSSL

  5. Support disallowing SSL renegotiation when using LibreSSL

  6. Doc: Use past tense for things which happened in the past

  7. Remove support for OpenSSL 1.0.1

  8. Remove support for OpenSSL 0.9.8 and 1.0.0