Re: OpenSSL 3.0.0 compatibility - Mailing list pgsql-hackers

From Daniel Gustafsson
Subject Re: OpenSSL 3.0.0 compatibility
Date
Msg-id BC256EC9-F176-4D7F-989C-A72AAC14973D@yesql.se
Whole thread Raw
In response to Re: OpenSSL 3.0.0 compatibility  (Michael Paquier <michael@paquier.xyz>)
List pgsql-hackers
> On 20 Jul 2021, at 09:54, Michael Paquier <michael@paquier.xyz> wrote:
>
> On Tue, Jul 20, 2021 at 01:23:42AM +0200, Daniel Gustafsson wrote:
>> Another aspect of OpenSSL 3 compatibility is that of legacy cipher support, and
>> as we concluded upthread it's best to leave that to the user to define in
>> openssl.cnf.  The attached 0002 adds alternative output files for 3.0.0
>> installations without the legacy provider loaded, as well as adds a note in the
>> pgcrypto docs to enable it in case DES is needed.  It does annoy me a bit that
>> we don't load the openssl.cnf file for 1.0.1 if we start mentioning it in the
>> docs for other versions, but it's probably not worth the effort to fix it given
>> the lack of complaints so far (it needs a call to OPENSSL_config(NULL); guarded
>> to HAVE_ macros for 1.0.1).
>
> Sounds sensible as a whole.

Thanks for reviewing!

> Another thing I can notice is that
> OpenSSL 3.0.0beta1 has taken care of the issue causing diffs in the
> tests of src/test/ssl/.  So once pgcrypto is addressed, it looks like
> there is nothing left for this thread.

That's a good point, I forgot to bring that up.

--
Daniel Gustafsson        https://vmware.com/




pgsql-hackers by date:

Previous
From: Tomas Vondra
Date:
Subject: Re: logical decoding and replication of sequences
Next
From: Ranier Vilela
Date:
Subject: Re: Signed vs Unsigned (take 2) (src/backend/storage/ipc/procarray.c)