Re: OpenSSL 3.0.0 vs old branches

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Andrew Dunstan <andrew(at)dunslane(dot)net>, Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: OpenSSL 3.0.0 vs old branches
Date: 2023-02-08 04:24:48
Message-ID: Y+MkEEIlsSL99R2P@paquier.xyz
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Tue, Feb 07, 2023 at 01:28:26PM -0500, Tom Lane wrote:
> I double-checked this on Fedora 37 (openssl 3.0.5). v11 and v12
> do build --with-openssl. There are an annoyingly large number of
> -Wdeprecated-declarations warnings, but those are there in v13 too.
> I confirm that back-patching f0d2c65f17 is required and sufficient
> to make the ssl test pass.

+1. (I am annoyed by that for any backpatch that involves v11 and
v12.)

> I think Peter's misremembering the history, and OpenSSL 3 *is*
> supported in these branches. There could be an argument for
> not back-patching f0d2c65f17 on the grounds that pre-1.1.1 is
> also supported there. On the whole though, it seems more useful
> today for that test to pass with 3.x than for it to pass with 0.9.8.
> And I can't see investing effort to make it do both (but if Peter
> wants to, I won't stand in the way).

Cutting support for 0.9.8 in oldest branches would be a very risky
move, but as you say, if that only involves a failure in the SSL
tests while still allowing anything we have to work, fine by me to
live with that.

Saying that, not being able to test these when working on a
SSL-specific patch adds an extra cost in back-patching. There are not
many of these lately, so that may be OK, still it would mean to apply
a reverse of f0d2c65. If things were to work for all the versions of
OpenSSL supported on 11 and 12, would it mean that the tests need to
store both -des and -aes256 data, having the tests switch from one to
the other depending on the version of OpenSSL built with?
--
Michael

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Bharath Rupireddy 2023-02-08 04:27:27 Re: Improve WALRead() to suck data directly from WAL buffers when possible
Previous Message Amit Kapila 2023-02-08 04:13:16 Re: Assertion failure in SnapBuildInitialSnapshot()