Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?

Tue, 10 Sep 2024 01:01:48 -0700 

On 02.09.24 14:26, Daniel Gustafsson wrote:

On 2 Sep 2024, at 10:03, Daniel Gustafsson <dan...@yesql.se> wrote:


On 23 Aug 2024, at 01:56, Michael Paquier <mich...@paquier.xyz> wrote:

On Thu, Aug 22, 2024 at 11:13:15PM +0200, Daniel Gustafsson wrote:

On 22 Aug 2024, at 02:31, Michael Paquier <mich...@paquier.xyz> wrote:

Just do it :)


That's my plan, I wanted to wait a bit to see if anyone else chimed in with
concerns.


Cool, thanks!


Attached is a rebased v15 (only changes are commit-message changes noted by
Peter upthread) for the sake of archives, and for a green-check run in the
CFBot.  Assuming this builds green I intend to push this.


And pushed.  All BF owners with animals using 1.0.2 have been notified but not
all have been updated (or modified to skip SSL) so there will be some failing.
A small follow-up for this: With the current minimum OpenSSL version being 1.1.0, we can remove an unconstify() call; see attached patch.
See this OpenSSL commit: <https://github.com/openssl/openssl/commit/8ab31975ba>. The analogous LibreSSL change is here: <https://cvsweb.openbsd.org/src/lib/libcrypto/bio/bss_mem.c?rev=1.17&content-type=text/x-cvsweb-markup>. I don't know if we have a concrete minimum LibreSSL version, but the change is about as old as the OpenSSL change. 


From 91550eaac4883113b9e85361c5c049a6555cd2f3 Mon Sep 17 00:00:00 2001
From: Peter Eisentraut <pe...@eisentraut.org>
Date: Tue, 10 Sep 2024 09:53:32 +0200
Subject: [PATCH] Remove obsolete unconstify()

This is no longer needed as of OpenSSL 1.1.0 (the current minimum
version).  LibreSSL made the same change around the same time as well.
---
 src/backend/libpq/be-secure-openssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/backend/libpq/be-secure-openssl.c 
b/src/backend/libpq/be-secure-openssl.c
index 1ebd3f2e6d3..8ec78c83304 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -1075,7 +1075,7 @@ load_dh_buffer(const char *buffer, size_t len)
        BIO                *bio;
        DH                 *dh = NULL;
 
-       bio = BIO_new_mem_buf(unconstify(char *, buffer), len);
+       bio = BIO_new_mem_buf(buffer, len);
        if (bio == NULL)
                return NULL;
        dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
-- 
2.46.0

Reply via email to