> On 20 Jul 2021, at 09:54, Michael Paquier <mich...@paquier.xyz> wrote: > > On Tue, Jul 20, 2021 at 01:23:42AM +0200, Daniel Gustafsson wrote: >> Another aspect of OpenSSL 3 compatibility is that of legacy cipher support, >> and >> as we concluded upthread it's best to leave that to the user to define in >> openssl.cnf. The attached 0002 adds alternative output files for 3.0.0 >> installations without the legacy provider loaded, as well as adds a note in >> the >> pgcrypto docs to enable it in case DES is needed. It does annoy me a bit >> that >> we don't load the openssl.cnf file for 1.0.1 if we start mentioning it in the >> docs for other versions, but it's probably not worth the effort to fix it >> given >> the lack of complaints so far (it needs a call to OPENSSL_config(NULL); >> guarded >> to HAVE_ macros for 1.0.1). > > Sounds sensible as a whole.
Thanks for reviewing! > Another thing I can notice is that > OpenSSL 3.0.0beta1 has taken care of the issue causing diffs in the > tests of src/test/ssl/. So once pgcrypto is addressed, it looks like > there is nothing left for this thread. That's a good point, I forgot to bring that up. -- Daniel Gustafsson https://vmware.com/
