On Tue, Jul 20, 2021 at 01:23:42AM +0200, Daniel Gustafsson wrote: > Another aspect of OpenSSL 3 compatibility is that of legacy cipher support, > and > as we concluded upthread it's best to leave that to the user to define in > openssl.cnf. The attached 0002 adds alternative output files for 3.0.0 > installations without the legacy provider loaded, as well as adds a note in > the > pgcrypto docs to enable it in case DES is needed. It does annoy me a bit that > we don't load the openssl.cnf file for 1.0.1 if we start mentioning it in the > docs for other versions, but it's probably not worth the effort to fix it > given > the lack of complaints so far (it needs a call to OPENSSL_config(NULL); > guarded > to HAVE_ macros for 1.0.1).
Sounds sensible as a whole. Another thing I can notice is that OpenSSL 3.0.0beta1 has taken care of the issue causing diffs in the tests of src/test/ssl/. So once pgcrypto is addressed, it looks like there is nothing left for this thread. -- Michael
signature.asc
Description: PGP signature
