Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?

Michael Paquier <michael@paquier.xyz>

From: Michael Paquier <michael@paquier.xyz>
To: Jacob Champion <jchampion@timescale.com>
Cc: Daniel Gustafsson <daniel@yesql.se>, Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2023-05-27T02:02:41Z
Lists: pgsql-hackers
On Fri, May 26, 2023 at 09:10:17AM -0700, Jacob Champion wrote:
> Can X509_get_signature_nid be moved to the required section up above?
> As it is now, anyone configuring with -Dssl=auto can still pick up a
> 1.0.1 build, which Meson accepts, and then the build fails downstream.
> If we require the function instead, Meson will ignore 1.0.1 (or, for
> -Dssl=openssl, complain before we compile).

Yes, I was wondering a bit if something more should be marked as
required, but just saw more value in removing all references to this
function.  Making the build fail straight when setting up things is OK
by me, but I am not convinced that X509_get_signature_nid() would be
the right choice for the job, as it is an OpenSSL artifact originally,
AFAIK.

The same problem exists with OpenSSL 1.0.0 on HEAD when building with
meson?  CRYPTO_new_ex_data() and SSL_new() exist there.

> t/001_ssltests.pl has a reference to 1.0.1 that can probably be
> entirely deleted:
> 
>     # ... (Nor for OpenSSL
>     # 1.0.1, but that's old enough that accommodating it isn't worth the cost.)

Not touching that is intentional.  It sounded useful to me as an
historic reference for LibreSSL ;)
--
Michael

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Remove obsolete unconstify()

  2. Only perform pg_strong_random init when required

  3. Remove support for OpenSSL older than 1.1.0

  4. Support SSL_R_VERSION_TOO_LOW when using LibreSSL

  5. Support disallowing SSL renegotiation when using LibreSSL

  6. Doc: Use past tense for things which happened in the past

  7. Remove support for OpenSSL 1.0.1

  8. Remove support for OpenSSL 0.9.8 and 1.0.0