| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, Michael Paquier <michael(at)paquier(dot)xyz>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~? |
| Date: | 2024-04-03 19:12:47 |
| Message-ID: | C88E69F7-3B3B-411D-B7C9-8BFEFB444C5E@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 3 Apr 2024, at 17:29, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> writes:
>> As far as I can tell, no versions of LibreSSL so far provide
>> X509_get_signature_info(), so this patch is probably a bit too
>> aggressive.
>
> Another problem with cutting support is how many buildfarm members
> will we lose. I scraped recent configure logs and got the attached
> results. I count 3 machines running 1.0.1,
Support for 1.0.1 was removed with 8e278b657664 in July 2023 so those are not
building with OpenSSL enabled already.
> 18 running some flavor of 1.0.2,
massasauga and snakefly run the ssl_passphrase_callback-check test but none of
these run the ssl-check tests AFAICT, so we have very low coverage as is. The
fact that very few animals run the ssl tests is a pet peeve of mine, it would
be nice if we could get broader coverage there.
Worth noting is that the OpenSSL check in configure.ac only reports what the
version of the OpenSSL binary in $PATH is, not which version of the library
that we build against (using --with-libs/--with-includes etc).
--
Daniel Gustafsson
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2024-04-03 19:21:24 | Re: On disable_cost |
| Previous Message | Daniel Gustafsson | 2024-04-03 19:08:10 | Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~? |