| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-committers(at)postgresql(dot)org |
| Subject: | Re: pgsql: Set libpq sslcompression to off by default |
| Date: | 2018-03-20 08:03:35 |
| Message-ID: | A99641B5-8198-41DD-A240-FCD5EFE5B497@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
> On 20 Mar 2018, at 05:15, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> writes:
>> On 3/17/18 15:12, Daniel Gustafsson wrote:
>>> On 17 Mar 2018, at 17:47, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>>>> Buildfarm reports that SSL_clear_options isn't available everywhere.
>
>>> Per some reading of the documentation and various patchers it seems
>>> SSL_clear_options() was introduced in 0.9.8m and SSL_OP_NO_COMPRESSION in
>>> 1.0.0.
>
>> It seems the failure is limited to an old NetBSD version. They might
>> have patched their libssl locally somehow. Is it worth supporting this?
>
> Dunno, but the other side of the coin is that the goals of this patch
> don't seem like a sufficient reason to break backwards compatibility
> with any platform.
If we test for SSL_clear_options(), and use the sk_SSL_COMP_zero() where not
available, we should be able to keep backwards compatibility with older OpenSSL
revisions even if the distros have patched them AFAICT. Unless you’re already
working on it I can take a stab at it.
cheers ./daniel
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2018-03-20 14:37:36 | pgsql: Fix CommandCounterIncrement in partition-related DDL |
| Previous Message | Tom Lane | 2018-03-20 04:15:38 | Re: pgsql: Set libpq sslcompression to off by default |