Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Jacob Champion <jacob.champion@enterprisedb.com>, Daniel Gustafsson <daniel@yesql.se>, Thomas Munro <thomas.munro@gmail.com>, Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2024-04-03T23:24:25Z
Lists: pgsql-hackers
On Wed, Apr 03, 2024 at 01:38:50PM -0400, Tom Lane wrote: > The discussion we had last year concluded that we were OK with > dropping 1.0.1 support when RHEL6 goes out of extended support > (June 2024 per this thread, I didn't check it). Seems like we > should have the same policy for RHEL7. Also, calling Photon 3 > dead because it went EOL three days ago seems over-hasty. Yeah. A bunch of users of Photon are VMware (or you could say Broadcom) product appliances, and I'd suspect that quite a lot of them rely on Photon 3 for their base OS image. Upgrading that stuff is not easy work in my experience because they need to cope with a bunch of embedded services. > Bottom line for me is that pulling 1.0.1 support now is OK, > but I think pulling 1.0.2 is premature. Yeah, I guess so. At least that seems like the safest conclusion currently here. The build-time check on X509_get_signature_info() would still be required. I'd love being able to rip out the internal locking logic currently in libpq as LibreSSL has traces of CRYPTO_lock(), as far as I've checked, and we rely on its existence. -- Michael
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Remove obsolete unconstify()
- 1fb2308e698e 18.0 landed
-
Only perform pg_strong_random init when required
- c3333dbc0c0f 18.0 landed
-
Remove support for OpenSSL older than 1.1.0
- a70e01d4306f 18.0 landed
-
Support SSL_R_VERSION_TOO_LOW when using LibreSSL
- d80f2ce29465 17.0 landed
-
Support disallowing SSL renegotiation when using LibreSSL
- 44e27f0a6d07 17.0 landed
-
Doc: Use past tense for things which happened in the past
- 91d6429fad55 17.0 landed
-
Remove support for OpenSSL 1.0.1
- 8e278b657664 17.0 landed
-
Remove support for OpenSSL 0.9.8 and 1.0.0
- 7b283d0e1d1d 13.0 cited