Re: OpenSSL 3.0.0 compatibility

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Daniel Gustafsson <daniel(at)yesql(dot)se>
Cc: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: OpenSSL 3.0.0 compatibility
Date: 2020-11-26 08:08:58
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On Tue, Sep 29, 2020 at 12:25:05PM +0200, Daniel Gustafsson wrote:
> The attached adds config loading to pgcrypto for < 1.1.0 and a doc notice for
> enabling the legacy provider in 3.0.0. This will require an alternative output
> file for non-legacy configs, but that should wait until 3.0.0 is GA since the
> returned error messages have changed over course of development and may not be
> set in stone just yet.

FWIW, testing with 3.0.0-alpha9 dev (2d84089), I can see that the
error we have in our SSL tests when using a wrong password in the
private PEM key leads now to "PEM lib" instead of "bad decrypt".

Upthread, we had "nested asn1 error":
It looks like not everything is sorted out there yet.

pgcrypto is also throwing new errors. Daniel, what if we let this
patch aside until upstream has sorted out their stuff?

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Magnus Hagander 2020-11-26 08:13:59 Re: Online verification of checksums
Previous Message 2020-11-26 07:59:21 RE: Stronger safeguard for archive recovery not to miss data