Re: OpenSSL 1.1 breaks configure and more
Heikki Linnakangas <hlinnaka@iki.fi>
From: Heikki Linnakangas <hlinnaka@iki.fi>
To: Tom Lane <tgl@sss.pgh.pa.us>,
Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Cc: Andreas Karlsson <andreas@proxel.se>, Victor Wagner <vitus@wagner.pp.ru>,
pgsql-hackers@postgresql.org, Christoph Berg <myon@debian.org>
Date: 2016-08-26T17:04:07Z
Lists: pgsql-hackers
On 08/26/2016 07:44 PM, Tom Lane wrote: > Peter Eisentraut <peter.eisentraut@2ndquadrant.com> writes: >> On 8/26/16 5:31 AM, Heikki Linnakangas wrote: >>> I think now would be a good time to drop support for OpenSSL versions >>> older than 0.9.8. OpenSSL don't even support 0.9.8 anymore, although >>> there are probably distributions out there that still provide patches >>> for it. But OpenSSL 0.9.7 and older are really not interesting for >>> PostgreSQL 10 anymore, I think. > >> CentOS 5 currently ships 0.9.8e. That's usually the oldest OS we want >> to support eagerly. > > Also, I get this on fully-up-to-date OS X (El Capitan): > > $ openssl version > OpenSSL 0.9.8zh 14 Jan 2016 Ok, sold, let's remove support for OpenSSL < 0.9.8. > Worth noting though is that without -Wno-deprecated-declarations, you > find that Apple has sprinkled the entire OpenSSL API with deprecation > warnings. That suggests that their plan for the future is to drop it > rather than update it. Should we be thinking ahead to that? Yeah, they want people to move to their own SSL library [1]. I doubt they will actually remove it any time soon, but who knows. It would be a good project for someone with an OS X system and some spare time, to write a patch to build with OS X's native SSL library instead of OpenSSL. The code is structured nicely to enable that now. [1] I couldn't find any official statement, but lots of blog posts saying the same thing. - Heikki
Commits
-
Back-patch 9.4-era SSL renegotiation code into 9.3 and 9.2.
- fbfeceb25362 9.3.17 landed
- 58384149bdbd 9.2.21 landed