On Thu, Jun 22, 2023 at 08:08:54PM +0200, Peter Eisentraut wrote:
> The message linked to above also says:
>
>> I'm not sure. I don't have a good sense of what OpenSSL versions we
>> claim to support in branches older than PG13. We made a conscious
>> decision for 1.0.1 in PG13, but I seem to recall that that discussion
>> also revealed that the version assumptions before that were quite
>> inconsistent. Code in PG12 and before makes references to OpenSSL as
>> old as 0.9.6. But OpenSSL 3.0.0 will reject a compat level older than
>> 0.9.8.

Well, I highly doubt that anybody has tried to compile Postgres 12
with OpenSSL 0.9.7 for a few years. If they attempt to do so, the
compilation fails:

<command-line>: note: this is the location of the previous definition
In file included from ../../src/include/common/scram-common.h:16,
                 from scram-common.c:23:
../../src/include/common/sha2.h:73:9: error: unknown type name ‘SHA256_CTX’
   73 | typedef SHA256_CTX pg_sha256_ctx;

One reason is that SHA256_CTX is defined in OpenSSL 0.9.8
crypto/sha/sha.h, but this exists only in fips-1.0 in OpenSSL 0.9.7,
while we rely on SHA256_CTX in src/common/ since SCRAM exists.

Also, note that the documentation claims that the minimum version of
OpenSSL supported is 0.9.8, which is something that commit 9b7cd59 has
done, impacting Postgres 10~. So your argument looks incorrect to me?

Honestly, I see no reason to not move on with this and remove these
deprecation warnings as proposed by the last patches sent. (I have
run builds with 0.9.8, FWIW.)
--
Michael