Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?

Jacob Champion <jacob.champion@enterprisedb.com>

From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Peter Eisentraut <peter@eisentraut.org>
Cc: Daniel Gustafsson <daniel@yesql.se>, Michael Paquier <michael@paquier.xyz>, Thomas Munro <thomas.munro@gmail.com>, Postgres hackers <pgsql-hackers@lists.postgresql.org>, mikael.kjellstrom@gmail.com, Tom Lane <tgl@sss.pgh.pa.us>
Date: 2024-04-10T13:10:56Z
Lists: pgsql-hackers
On Wed, Apr 10, 2024 at 12:31 AM Peter Eisentraut <peter@eisentraut.org> wrote:
> * src/backend/libpq/be-secure-openssl.c
>
> +#include <openssl/bn.h>
>
> This patch doesn't appear to add anything, so why does it need a new
> include?

This one was mine -- it was an indirect header dependency that was
effectively removed in 1.1.0 and later, due to the bump to
OPENSSL_API_COMPAT [1]. We have to depend on it directly now.

--Jacob

[1] https://github.com/openssl/openssl/blob/b372b1f764/include/openssl/dh.h#L20-L22



Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Remove obsolete unconstify()

  2. Only perform pg_strong_random init when required

  3. Remove support for OpenSSL older than 1.1.0

  4. Support SSL_R_VERSION_TOO_LOW when using LibreSSL

  5. Support disallowing SSL renegotiation when using LibreSSL

  6. Doc: Use past tense for things which happened in the past

  7. Remove support for OpenSSL 1.0.1

  8. Remove support for OpenSSL 0.9.8 and 1.0.0