Re: SSL tests fail on OpenSSL v3.2.0

On Wed Nov 29, 2023 at 10:32 AM CST, Tom Lane wrote:
> Daniel Gustafsson <daniel(at)yesql(dot)se> writes:
> > On 29 Nov 2023, at 16:21, Tristan Partin <tristan(at)neon(dot)tech> wrote:
> >> Funnily enough, here[0] is BoringSSL adding the BIO_{get,set}_app_data() APIs.
>
> > Still doesn't seem like a good candidate for a postgres TLS library since they
> > themselves claim:
> > "Although BoringSSL is an open source project, it is not intended for
> > general use, as OpenSSL is. We don't recommend that third parties depend
> > upon it. Doing so is likely to be frustrating because there are no
> > guarantees of API or ABI stability."
>
> Kind of odd that, with that mission statement, they are adding
> BIO_{get,set}_app_data on the justification that OpenSSL has it
> and Postgres is starting to use it. Nonetheless, that commit
> also seems to prove the point about lack of API/ABI stability.
>
> I'm content to take their advice and not try to support BoringSSL.
> It's not clear what benefit to us there would be, and we already
> have our hands full coping with all the different OpenSSL and LibreSSL
> versions.

Yep, I just wanted to point it out in the interest of relevancy to our
conversation yesterday :).

--
Tristan Partin
Neon (https://neon.tech)