Re: SSL tests fail on OpenSSL v3.2.0

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Daniel Gustafsson <daniel(at)yesql(dot)se>
Cc: Tristan Partin <tristan(at)neon(dot)tech>, Bo Anderson <mail(at)boanderson(dot)me>, Michael Paquier <michael(at)paquier(dot)xyz>, Nazir Bilal Yavuz <byavuz81(at)gmail(dot)com>, Andres Freund <andres(at)anarazel(dot)de>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: SSL tests fail on OpenSSL v3.2.0
Date: 2023-11-29 16:32:37
Message-ID: 309222.1701275557@sss.pgh.pa.us
Lists: pgsql-hackers

Daniel Gustafsson <daniel(at)yesql(dot)se> writes:
> On 29 Nov 2023, at 16:21, Tristan Partin <tristan(at)neon(dot)tech> wrote:
>> Funnily enough, here[0] is BoringSSL adding the BIO_{get,set}_app_data() APIs.

> Still doesn't seem like a good candidate for a postgres TLS library since they
> themselves claim:
> "Although BoringSSL is an open source project, it is not intended for
> general use, as OpenSSL is. We don't recommend that third parties depend
> upon it. Doing so is likely to be frustrating because there are no
> guarantees of API or ABI stability."

Kind of odd that, with that mission statement, they are adding
BIO_{get,set}_app_data on the justification that OpenSSL has it
and Postgres is starting to use it. Nonetheless, that commit
also seems to prove the point about lack of API/ABI stability.

I'm content to take their advice and not try to support BoringSSL.
It's not clear what benefit to us there would be, and we already
have our hands full coping with all the different OpenSSL and LibreSSL
versions.

regards, tom lane
