| From: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | Michael Paquier <michael(at)paquier(dot)xyz>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: OpenSSL 3.0.0 compatibility |
| Date: | 2021-08-06 18:41:22 |
| Message-ID: | 9ffa0104-5908-1fe3-84fb-7958d8e75a23@enterprisedb.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 20.07.21 01:23, Daniel Gustafsson wrote:
>> So I think your proposed patch is sound and a good short-term and low-risk solution
> The attached 0001 disables the padding. I've tested this with OpenSSL 1.0.1,
> 1.0.2, 1.1.1 and Git HEAD at e278127cbfa2709d.
>
> Another aspect of OpenSSL 3 compatibility is that of legacy cipher support, and
> as we concluded upthread it's best to leave that to the user to define in
> openssl.cnf. The attached 0002 adds alternative output files for 3.0.0
> installations without the legacy provider loaded, as well as adds a note in the
> pgcrypto docs to enable it in case DES is needed. It does annoy me a bit that
> we don't load the openssl.cnf file for 1.0.1 if we start mentioning it in the
> docs for other versions, but it's probably not worth the effort to fix it given
> the lack of complaints so far (it needs a call to OPENSSL_config(NULL); guarded
> to HAVE_ macros for 1.0.1).
Are you going to commit these?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mahendra Singh Thalor | 2021-08-06 18:43:30 | Re: Support reset of Shared objects statistics in "pg_stat_reset" function |
| Previous Message | Bossart, Nathan | 2021-08-06 18:26:12 | Re: archive status ".ready" files may be created too early |