Re: SSL tests fail on OpenSSL v3.2.0

From: "Tristan Partin" <tristan(at)neon(dot)tech>
To: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Daniel Gustafsson" <daniel(at)yesql(dot)se>
Cc: "Bo Anderson" <mail(at)boanderson(dot)me>, "Michael Paquier" <michael(at)paquier(dot)xyz>, "Nazir Bilal Yavuz" <byavuz81(at)gmail(dot)com>, "Andres Freund" <andres(at)anarazel(dot)de>, "PostgreSQL Hackers" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: SSL tests fail on OpenSSL v3.2.0
Date: 2023-11-29 16:48:23
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On Wed Nov 29, 2023 at 10:32 AM CST, Tom Lane wrote:
> Daniel Gustafsson <daniel(at)yesql(dot)se> writes:
> > On 29 Nov 2023, at 16:21, Tristan Partin <tristan(at)neon(dot)tech> wrote:
> >> Funnily enough, here[0] is BoringSSL adding the BIO_{get,set}_app_data() APIs.
> > Still doesn't seem like a good candidate for a postgres TLS library since they
> > themselves claim:
> > "Although BoringSSL is an open source project, it is not intended for
> > general use, as OpenSSL is. We don't recommend that third parties depend
> > upon it. Doing so is likely to be frustrating because there are no
> > guarantees of API or ABI stability."
> Kind of odd that, with that mission statement, they are adding
> BIO_{get,set}_app_data on the justification that OpenSSL has it
> and Postgres is starting to use it. Nonetheless, that commit
> also seems to prove the point about lack of API/ABI stability.
> I'm content to take their advice and not try to support BoringSSL.
> It's not clear what benefit to us there would be, and we already
> have our hands full coping with all the different OpenSSL and LibreSSL
> versions.

Yep, I just wanted to point it out in the interest of relevancy to our
conversation yesterday :).

Tristan Partin
Neon (

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Alvaro Herrera 2023-11-29 16:58:22 Re: SSL tests fail on OpenSSL v3.2.0
Previous Message Tom Lane 2023-11-29 16:32:37 Re: SSL tests fail on OpenSSL v3.2.0