> On 26 Nov 2020, at 09:08, Michael Paquier <michael@paquier.xyz> wrote:
>
> On Tue, Sep 29, 2020 at 12:25:05PM +0200, Daniel Gustafsson wrote:
>> The attached adds config loading to pgcrypto for < 1.1.0 and a doc notice for
>> enabling the legacy provider in 3.0.0. This will require an alternative output
>> file for non-legacy configs, but that should wait until 3.0.0 is GA since the
>> returned error messages have changed over course of development and may not be
>> set in stone just yet.
>
> FWIW, testing with 3.0.0-alpha9 dev (2d84089), I can see that the
> error we have in our SSL tests when using a wrong password in the
> private PEM key leads now to "PEM lib" instead of "bad decrypt".
>
> Upthread, we had "nested asn1 error":
> https://www.postgresql.org/message-id/9CE70AF4-E1A0-4D24-86FA-4C3067077897@yesql.se
> It looks like not everything is sorted out there yet.
>
> pgcrypto is also throwing new errors. Daniel, what if we let this
> patch aside until upstream has sorted out their stuff?
Well, the patch as it stands isn't changing any expected output at all, and
only adds a docs notice for OpenSSL 3.0.0 conformance. The gist of the patch
is to ensure that all supported versions of OpenSSL are initialized equally as
currently < 1.1.0 are bypassing the local openssl config, where 1.1.0+ isn't.
So I still think this patch is worth considering.
Regarding test output: it's clear that we'll need to revisit this as the dust
settles on OpenSSL 3.0.0, but as you say there is no use in doing anything
until it has. According to their tracker they are, at this time of writing,
64% complete on the milestone to reach beta readiness [0] (which I believe
started counting on alpha7).
cheers ./daniel
[0] https://github.com/openssl/openssl/milestone/17
