Re: PostgreSQL12 and older versions of OpenSSL - Mailing list pgsql-hackers

From Tom Lane
Subject Re: PostgreSQL12 and older versions of OpenSSL
Date
Msg-id 18143.1569477792@sss.pgh.pa.us
Whole thread Raw
In response to Re: PostgreSQL12 and older versions of OpenSSL  (Michael Paquier <michael@paquier.xyz>)
Responses Re: PostgreSQL12 and older versions of OpenSSL
List pgsql-hackers
Michael Paquier <michael@paquier.xyz> writes:
> Now that I think about it, another method would be to rely on the fact
> that a given version of OpenSSL does not support TLS 1.1 and 1.2.  So
> we could also just add checks based on OPENSSL_VERSION_NUMBER and be
> done with it.

No, that way madness lies.  We *know* that there are lots of
vendor-patched versions of OpenSSL out there, so that the nominal
version number isn't really going to tell us what the package can do.

What I'm concerned about at the moment is Peter's comment upthread
that what we seem to be dealing with here is a broken vendor patch,
not any officially-released OpenSSL version at all.  Is it our job
to work around that situation, rather than pushing the vendor to
fix their patch?

            regards, tom lane



pgsql-hackers by date:

Previous
From: Looserof7
Date:
Subject: WAL records
Next
From: Youki Shiraishi
Date:
Subject: Add comments for a postgres program in bootstrap mode