Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~? - Mailing list pgsql-hackers

From Daniel Gustafsson
Subject Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?
Date
Msg-id C88E69F7-3B3B-411D-B7C9-8BFEFB444C5E@yesql.se
Whole thread Raw
In response to Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?
List pgsql-hackers
> On 3 Apr 2024, at 17:29, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> Jacob Champion <jacob.champion@enterprisedb.com> writes:
>> As far as I can tell, no versions of LibreSSL so far provide
>> X509_get_signature_info(), so this patch is probably a bit too
>> aggressive.
>
> Another problem with cutting support is how many buildfarm members
> will we lose.  I scraped recent configure logs and got the attached
> results.  I count 3 machines running 1.0.1,

Support for 1.0.1 was removed with 8e278b657664 in July 2023 so those are not
building with OpenSSL enabled already.

> 18 running some flavor of 1.0.2,

massasauga and snakefly run the ssl_passphrase_callback-check test but none of
these run the ssl-check tests AFAICT, so we have very low coverage as is.  The
fact that very few animals run the ssl tests is a pet peeve of mine, it would
be nice if we could get broader coverage there.

Worth noting is that the OpenSSL check in configure.ac only reports what the
version of the OpenSSL binary in $PATH is, not which version of the library
that we build against (using --with-libs/--with-includes etc).

--
Daniel Gustafsson




pgsql-hackers by date:

Previous
From: Daniel Gustafsson
Date:
Subject: Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?
Next
From: Robert Haas
Date:
Subject: Re: On disable_cost