Re: OpenSSL 3.0.0 compatibility

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Jelte Fennema <postgres@jeltef.nl>
Cc: Peter Eisentraut <peter.eisentraut@enterprisedb.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>, Tom Lane <tgl@sss.pgh.pa.us>, Michael Paquier <michael@paquier.xyz>
Date: 2022-06-29T10:59:32Z
Lists: pgsql-hackers
> On 29 Jun 2022, at 11:44, Jelte Fennema <postgres@jeltef.nl> wrote:
> 
>> See upthread in ef5c7896-20cb-843f-e91e-0ee5f7fd932e@enterprisedb.com
> 
> I saw that section, but I thought that only applied before you
> backpatched the actual fixes to PG13 and below. I mean there's no
> reason anymore not to compile those older versions with OpenSSL 3.0,
> right? If so, it seems confusing for the build to spit out warnings
> that indicate the contrary.

The project isn't automatically fixing compiler warnings or library deprecation
warnings in back-branches.  I guess one could make the argument for this case
given how widespread OpenSSL 3.0, but it comes with a significant testing
effort to ensure that all back-branches behave correctly with all version of
OpenSSL so it's not for free (it should be, but with OpenSSL I would personally
not trust that).  Also, PG12 and below had 0.9.8 as minimum version.

--
Daniel Gustafsson		https://vmware.com/




Commits

  1. Define OPENSSL_API_COMPAT

  2. Add alternative output for OpenSSL 3 without legacy loaded

  3. Disable OpenSSL EVP digest padding in pgcrypto

  4. pgcrypto: Check for error return of px_cipher_decrypt()

  5. OpenSSL 3.0.0 compatibility in tests

  6. Make ssl certificate for ssl_passphrase_callback test via Makefile

  7. Provide a TLS init hook