Re: OpenSSL 3.0.0 vs old branches

Andrew Dunstan <andrew@dunslane.net>

From: Andrew Dunstan <andrew@dunslane.net>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2023-02-06T21:19:30Z
Lists: pgsql-hackers
On 2023-02-06 Mo 11:13, Tom Lane wrote:
> Andrew Dunstan<andrew@dunslane.net>  writes:
>> I recently moved crake to a new machine running Fedora 36, which has
>> OpenSSL 3.0.0. This causes the SSL tests to fail on branches earlier
>> than release 13, so I propose to backpatch commit f0d2c65f17 to the
>> release 11 and 12 branches.
> Hmm ... according to that commit message,
>
>    Note that the minimum supported OpenSSL version is 1.0.1 as of
>    7b283d0e1d1d79bf1c962d790c94d2a53f3bb38a, so this does not introduce
>    any new version requirements.
>
> So presumably, changing this test would break it for OpenSSL 0.9.8,
> which is still nominally supported in those branches.  On the other
> hand, this test isn't run by default, so users would likely never
> notice anyway.
>
> On the whole, +1 for doing this (after the release freeze lifts).
>
> 			


Presumably we don't have any buildfarm animals running with such old 
versions of openssl, or they would be failing the same test on release 
 >= 13.


I'll push this in due course.


cheers


andrew

--
Andrew Dunstan
EDB:https://www.enterprisedb.com

Commits

  1. Backpatch OpenSSL 3.0.0 compatibility in tests

  2. OpenSSL 3.0.0 compatibility in tests

  3. Remove support for OpenSSL 0.9.8 and 1.0.0