Re: Remove deprecation warnings when compiling PG ~13 with OpenSSL 3.0~
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Peter Eisentraut <peter@eisentraut.org>
Cc: Daniel Gustafsson <daniel@yesql.se>, Andres Freund <andres@anarazel.de>, Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2023-06-22T22:22:54Z
Lists: pgsql-hackers
On Thu, Jun 22, 2023 at 08:08:54PM +0200, Peter Eisentraut wrote:
> The message linked to above also says:
>
>> I'm not sure. I don't have a good sense of what OpenSSL versions we
>> claim to support in branches older than PG13. We made a conscious
>> decision for 1.0.1 in PG13, but I seem to recall that that discussion
>> also revealed that the version assumptions before that were quite
>> inconsistent. Code in PG12 and before makes references to OpenSSL as
>> old as 0.9.6. But OpenSSL 3.0.0 will reject a compat level older than
>> 0.9.8.
Well, I highly doubt that anybody has tried to compile Postgres 12
with OpenSSL 0.9.7 for a few years. If they attempt to do so, the
compilation fails:
<command-line>: note: this is the location of the previous definition
In file included from ../../src/include/common/scram-common.h:16,
from scram-common.c:23:
../../src/include/common/sha2.h:73:9: error: unknown type name ‘SHA256_CTX’
73 | typedef SHA256_CTX pg_sha256_ctx;
One reason is that SHA256_CTX is defined in OpenSSL 0.9.8
crypto/sha/sha.h, but this exists only in fips-1.0 in OpenSSL 0.9.7,
while we rely on SHA256_CTX in src/common/ since SCRAM exists.
Also, note that the documentation claims that the minimum version of
OpenSSL supported is 0.9.8, which is something that commit 9b7cd59 has
done, impacting Postgres 10~. So your argument looks incorrect to me?
Honestly, I see no reason to not move on with this and remove these
deprecation warnings as proposed by the last patches sent. (I have
run builds with 0.9.8, FWIW.)
--
Michael
Commits
-
Define OPENSSL_API_COMPAT
- 96f96398d398 11.21 landed
- 265c9138da58 12.16 landed
- 8aa9a26236aa 13.12 landed
-
Remove support for OpenSSL versions older than 0.9.8.
- 9b7cd59af1af 10.0 cited