Re: OpenSSL 1.1 breaks configure and more

From: Victor Wagner <vitus(at)wagner(dot)pp(dot)ru>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: OpenSSL 1.1 breaks configure and more
Date: 2016-07-05 09:13:47
Message-ID: 20160705121347.5c5c702f@fafnir.local.vm
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On Fri, 1 Jul 2016 02:27:03 +0200
Andreas Karlsson <andreas(at)proxel(dot)se> wrote:

> 0003-Remove-OpenSSL-1.1-deprecation-warnings.patch
> Silence all warnings. This commit changes more things and is not
> necessary for getting PostgreSQL to build against 1.1.

This patch breaks feature, which exists in PostgreSQL since 8.2 -
support for SSL ciphers, provided by loadable modules such as Russian
national standard (GOST) algorithms, and support for cryptographic
hardware tokens (which are also supported by loadble modules called
engines in OpenSSL).

Call for OPENSSL_config was added to PostgreSQL for this purpose - it
loads default OpenSSL configuration file, where such things as crypto
hardware modules can be configured.

If we wish to keep this functionality, we need to explicitely call

OPENSSL_init_ssl(INIT_LOAD_CONFIG,NULL) instead of deprecated
OPENSSL_config in 1.1.0

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Andreas 'ads' Scherbaum 2016-07-05 09:16:14 Re: to_date_valid()
Previous Message Kyotaro HORIGUCHI 2016-07-05 09:02:02 Re: [CF2016-9] Allow spaces in working path on tap-tests