Re: Update minimum SSL version

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Update minimum SSL version
Date: 2019-11-30 02:43:45
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On Fri, Nov 29, 2019 at 10:30:47AM -0500, Tom Lane wrote:
> What's the impact going to be on buildfarm members with older openssl
> installations? Perhaps "none", if they aren't running the ssl test
> suite, but we should be clear about it.

The buildfarm logs don't directly report the version of OpenSSL used
as far as I recalled, and a quick lookup shows that.. Anyway, I
recall that all Windows buildfarm members linking to OpenSSL use at
least 1.0.2 on HEAD. For the others, I would be ready to suspect that
some of them are still using 0.9.8 and 1.0.0.

Anyway, as we still support OpenSSL down to 0.9.8 on HEAD, shouldn't
we just patch the SSL TAP tests to make sure that we don't enforce an
incorrect minimum version at configuration time?

[... thinks more ...]

Actually, no, what I am writing here is incorrect. We should make
sure of that the default configuration is correct at initdb time, and
the patch does not do that.

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Thomas Munro 2019-11-30 02:46:16 Re: BufFileRead() error signalling
Previous Message Michael Paquier 2019-11-30 02:20:01 Re: Remove size limitations of vacuums dead_tuples array