Re: OpenSSL 3.0.0 vs old branches
Andrew Dunstan <andrew@dunslane.net>
From: Andrew Dunstan <andrew@dunslane.net>
To: Peter Eisentraut <peter.eisentraut@enterprisedb.com>,
PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2023-02-07T12:08:07Z
Lists: pgsql-hackers
On 2023-02-07 Tu 02:18, Peter Eisentraut wrote: > On 06.02.23 16:56, Andrew Dunstan wrote: >> I recently moved crake to a new machine running Fedora 36, which has >> OpenSSL 3.0.0. This causes the SSL tests to fail on branches earlier >> than release 13, so I propose to backpatch commit f0d2c65f17 to the >> release 11 and 12 branches. > > This is not the only patch that we did to support OpenSSL 3.0.0. There > was a very lengthy discussion that resulted in various patches. > Unless we have a complete analysis of what was done and how it affects > various branches, I would not do this. Notably, we did actually > consider what to backpatch, and the current state is the result of > that. So let's not throw that away without considering that > carefully. Even if it gets it to compile, I personally would not > *trust* it without that analysis. I think we should just leave it > alone and consider OpenSSL 3.0.0 unsupported in the branches were it > is now unsupported. OpenSSL 1.1.1 is still supported upstream to > serve those releases. The only thing this commit does is replace a DES encrypted key file with one encrypted with AES-256. It doesn't affect compilation at all, and shouldn't affect tests run with 1.1.1. I guess the alternatives are a) disable the SSL tests on branches <= 12 or b) completely disable building with SSL for branches <= 12. I would probably opt for a). I bet this crops up a few more times as OpenSSL 3.0.0 becomes more widespread, until release 12 goes EOL. cheers andrew -- Andrew Dunstan EDB:https://www.enterprisedb.com
Commits
-
Backpatch OpenSSL 3.0.0 compatibility in tests
- 6133a0f4c7c3 12.15 landed
- cab553a08e2d 11.20 landed
-
OpenSSL 3.0.0 compatibility in tests
- f0d2c65f17ca 13.0 cited
-
Remove support for OpenSSL 0.9.8 and 1.0.0
- 7b283d0e1d1d 13.0 cited