From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
---|---|
To: | Michael Paquier <michael(at)paquier(dot)xyz> |
Cc: | Peter Eisentraut <peter(at)eisentraut(dot)org>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, mikael(dot)kjellstrom(at)gmail(dot)com, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Subject: | Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~? |
Date: | 2024-04-15 09:07:05 |
Message-ID: | 34B8DFB0-93F7-470D-8E21-D916FB72BA8D@yesql.se |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
> On 15 Apr 2024, at 07:04, Michael Paquier <michael(at)paquier(dot)xyz> wrote:
> On Fri, Apr 12, 2024 at 02:42:57PM +0200, Daniel Gustafsson wrote:
>> Is the attached split in line with how you were thinking about it?
>
> If I may, 0001 looks sensible here. The bits from 0003 and 0004 could
> be applied before 0002, as well.
Agreed, once we are in post-freeze I think those three are mostly ready to go.
> - /* do post-fork initialization for random number generation */
> - pg_strong_random_init();
>
> Perhaps you intented this diff to be in 0005 rather than in 0002?
> With 0002 applied, only support for 1.0.2 is removed, not 1.1.0 yet.
Yes, nice catch, that was a mistake in splitting up the patch into multiple
pieces, it should be in the 0005 patch for strong random. Fixed.
> s/requred/required/.
Fixed.
> Rather than calling always RAND_poll(), this
> could use a static flag to call it only once when pg_strong_random is
> called for the first time.
Agreed, we can good that. Fixed.
> I would not mind seeing this part entirely
> gone with the removal of support for 1.1.0.
If we want to keep autoconf from checking versions and just check compatibility
(with our code) then we will remain at 1.1.0 compatibility. The only 1.1.1 API
we use is not present in LibreSSL so we can't really place a hard restriction
on that. It might be that keeping it for now, and removing it later during the
v18 cycle as we modernize our OpenSSL code (which I hope to find time to work
on) and make use of newer 1.1.1 API:s. That way we can keep our autoconf/meson
checks consistent across library checks. If we end up with no new API:s to
check for by the time the last commitfest of v18 rolls around, we can revisit
the decision then.
--
Daniel Gustafsson
Attachment | Content-Type | Size |
---|---|---|
v8-0005-Remove-pg_strong_random-initialization.patch | application/octet-stream | 4.2 KB |
v8-0004-Support-SSL_R_VERSION_TOO_LOW-on-LibreSSL.patch | application/octet-stream | 1.2 KB |
v8-0003-Support-disallowing-SSL-renegotiation-in-LibreSSL.patch | application/octet-stream | 2.0 KB |
v8-0002-Remove-support-for-OpenSSL-1.0.2.patch | application/octet-stream | 25.8 KB |
v8-0001-Doc-Use-past-tense-for-things-which-happened-in-t.patch | application/octet-stream | 1.6 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Andrey M. Borodin | 2024-04-15 09:07:27 | Re: "backend process" confused with "server process" |
Previous Message | jian he | 2024-04-15 09:01:18 | "backend process" confused with "server process" |