| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | Joe Conway <mail(at)joeconway(dot)com>, Peter Eisentraut <peter(at)eisentraut(dot)org>, "Koshi Shibagaki (Fujitsu)" <shibagaki(dot)koshi(at)fujitsu(dot)com>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Replace current implementations in crypt() and gen_salt() to OpenSSL |
| Date: | 2024-12-04 14:28:06 |
| Message-ID: | CA+TgmobcvL66gFiVtdRfetRH4vR=VYk4d6k3oAxZuQfSUDa2pg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Dec 4, 2024 at 8:54 AM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
> Looking over this again I realized it's a bit silly to fall back on FIPS_mode()
> when EVP_default_properties_is_fips_enabled isn't available since that would
> only be OpenSSL versions before 3.0 (and since we don't support 1.0.2 then no
> such version can have FIPS). Sharing back a v3 which is what I think we should
> go with.
The comment suggests to me that if the user happened to be using
OpenSSL 1.1.1 and CheckLegacyCryptoMode() was called, the expected
outcome would be an error, but it will just return.
Am I confused?
--
Robert Haas
EDB: http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2024-12-04 14:29:50 | Re: checksum verification code breaks backups in v16- |
| Previous Message | Andrew Dunstan | 2024-12-04 14:08:53 | Re: Guidance Needed for Testing PostgreSQL Patch (CF-5044) |