Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Michael Paquier <michael@paquier.xyz>
Cc: Jacob Champion <jchampion@timescale.com>, Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2023-06-02T08:35:43Z
Lists: pgsql-hackers
> On 27 May 2023, at 04:02, Michael Paquier <michael@paquier.xyz> wrote:

> Making the build fail straight when setting up things is OK
> by me, but I am not convinced that X509_get_signature_nid() would be
> the right choice for the job, as it is an OpenSSL artifact originally,
> AFAIK.

I think we should avoid the is-defined-in dance and just pull out the version
numbers for comparisons.  While it's true that LibreSSL doesn't play well with
OpenSSL versions, they do define their own which can be checked for to
distinguish the libraries.

--
Daniel Gustafsson




Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Remove obsolete unconstify()

  2. Only perform pg_strong_random init when required

  3. Remove support for OpenSSL older than 1.1.0

  4. Support SSL_R_VERSION_TOO_LOW when using LibreSSL

  5. Support disallowing SSL renegotiation when using LibreSSL

  6. Doc: Use past tense for things which happened in the past

  7. Remove support for OpenSSL 1.0.1

  8. Remove support for OpenSSL 0.9.8 and 1.0.0