On 08/26/2016 07:44 PM, Tom Lane wrote:
> Peter Eisentraut <peter.eisentraut@2ndquadrant.com> writes:
>> On 8/26/16 5:31 AM, Heikki Linnakangas wrote:
>>> I think now would be a good time to drop support for OpenSSL versions
>>> older than 0.9.8. OpenSSL don't even support 0.9.8 anymore, although
>>> there are probably distributions out there that still provide patches
>>> for it. But OpenSSL 0.9.7 and older are really not interesting for
>>> PostgreSQL 10 anymore, I think.
>
>> CentOS 5 currently ships 0.9.8e. That's usually the oldest OS we want
>> to support eagerly.
>
> Also, I get this on fully-up-to-date OS X (El Capitan):
>
> $ openssl version
> OpenSSL 0.9.8zh 14 Jan 2016
Ok, sold, let's remove support for OpenSSL < 0.9.8.
> Worth noting though is that without -Wno-deprecated-declarations, you
> find that Apple has sprinkled the entire OpenSSL API with deprecation
> warnings. That suggests that their plan for the future is to drop it
> rather than update it. Should we be thinking ahead to that?
Yeah, they want people to move to their own SSL library [1]. I doubt
they will actually remove it any time soon, but who knows. It would be a
good project for someone with an OS X system and some spare time, to
write a patch to build with OS X's native SSL library instead of
OpenSSL. The code is structured nicely to enable that now.
[1] I couldn't find any official statement, but lots of blog posts
saying the same thing.
- Heikki
