Re: OpenSSL 3.0.0 compatibility

Michael Paquier <michael@paquier.xyz>

From: Michael Paquier <michael@paquier.xyz>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Peter Eisentraut <peter.eisentraut@enterprisedb.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>, Tom Lane <tgl@sss.pgh.pa.us>
Date: 2021-09-25T10:03:29Z
Lists: pgsql-hackers
On Sat, Sep 25, 2021 at 11:55:03AM +0200, Daniel Gustafsson wrote:
> These have now been pushed to 14 through to 10 ahead of next week releases, I
> will keep an eye on caiman as it builds these branches.  The OpenSSL support in
> 9.6 pgcrypto isn't using the EVP API (committed in 5ff4a67f63) so it's a bit
> trickier to get green,

Thanks!  As 9.6 will be EOL'd in a couple of weeks, is that really
worth the effort though?  It sounds risky to me to introduce an
invasive change as that would increase the risk of bugs for existing
users.  So my vote would be to just let this one go.

> but I'll take a stab at that when my fever goes down a bit.

Ouch.  Take care!
--
Michael

Commits

  1. Define OPENSSL_API_COMPAT

  2. Add alternative output for OpenSSL 3 without legacy loaded

  3. Disable OpenSSL EVP digest padding in pgcrypto

  4. pgcrypto: Check for error return of px_cipher_decrypt()

  5. OpenSSL 3.0.0 compatibility in tests

  6. Make ssl certificate for ssl_passphrase_callback test via Makefile

  7. Provide a TLS init hook