| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Peter Eisentraut <peter(at)eisentraut(dot)org> |
| Cc: | Michael Paquier <michael(at)paquier(dot)xyz>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, mikael(dot)kjellstrom(at)gmail(dot)com |
| Subject: | Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~? |
| Date: | 2024-04-06 07:12:01 |
| Message-ID: | 925ED986-C9E2-45C7-BFEC-8BF96E299864@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 6 Apr 2024, at 08:02, Peter Eisentraut <peter(at)eisentraut(dot)org> wrote:
>
> On 05.04.24 23:48, Daniel Gustafsson wrote:
>> The reason to expand the check is to ensure that we have the version we want
>> for both OpenSSL and LibreSSL, and deprecating OpenSSL versions isn't all that
>> commonly done so having to change the version in the check didn't seem that
>> invasive to me.
>
> Why do we need to check for the versions at all? We should just check for the functions we need. At least that's always been the normal approach in configure.
We could, but finding a stable set of functions which identifies the version of
OpenSSL *and* LibreSSL that we want, and their successors, while not matching
any older versions seemed more opaque than testing two numeric values. The
suggested check is modelled on the LDAP check which tests for an explicit
version in a header file (albeit not for erroring out).
--
Daniel Gustafsson
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniel Gustafsson | 2024-04-06 07:22:02 | Re: DROP OWNED BY fails to clean out pg_init_privs grants |
| Previous Message | jian he | 2024-04-06 06:55:32 | Re: remaining sql/json patches |