Andreas Karlsson writes:
> On 04/16/2017 03:14 AM, Tom Lane wrote:
>> 1. Back-patch that patch, probably also including the followup adjustments
>> in 86029b31e and 36a3be654.
> Given that I cannot recall seeing any complaints about the behavior of
> 9.4 compared to 9.3 I am leaning towards #1.
On 04/16/2017 03:14 AM, Tom Lane wrote:
1. Back-patch that patch, probably also including the followup adjustments
in 86029b31e and 36a3be654.
2. Add #if's to use 31cf1a1a4's coding with OpenSSL >= 1.1, while keeping
the older code for use when built against older OpenSSLs.
3. Conditionall
I wrote:
> If we want to go any further back with 1.1 support, we have a range
> of options:
> 1. Back-patch that patch, probably also including the followup adjustments
> in 86029b31e and 36a3be654.
> 2. Add #if's to use 31cf1a1a4's coding with OpenSSL >= 1.1, while keeping
> the older code f
Andreas Karlsson writes:
> On 09/15/2016 05:38 PM, Alvaro Herrera wrote:
>> I suppose some interested party could grab the patch that Heikki
>> committed to the new branches and produce a back-patch that can be
>> applied to the older branches.
> Here is the result of backporting the sum of the t
On 09/16/2016 04:11 PM, Christoph Berg wrote:
Thanks for the patch!
I just tried to apply it to 9.2. There was a conflict in configure.in which was
trivial to resolve.
Another conflict in contrib/pgcrypto/pgcrypto.c was not applicable
because the code doesn't seem to exist (didn't try very hard
Re: To Heikki Linnakangas 2016-09-15
<20160915213406.2mjlhcg7px3sa...@msg.df7cb.de>
> > Can you elaborate? Are you saying that Debian 9 (stretch) will not ship
> > OpenSSL 1.0.2 anymore, and will require using OpenSSL 1.1.0?
>
> I thought that was the plan, but upon asking on #debian-devel, it
> s
Andreas Karlsson writes:
> On 09/15/2016 05:38 PM, Alvaro Herrera wrote:
>> I suppose some interested party could grab the patch that Heikki
>> committed to the new branches and produce a back-patch that can be
>> applied to the older branches.
> Here is the result of backporting the sum of the t
On 09/15/2016 05:38 PM, Alvaro Herrera wrote:
I suppose some interested party could grab the patch that Heikki
committed to the new branches and produce a back-patch that can be
applied to the older branches.
Here is the result of backporting the sum of the two patches on top of
REL9_4_STABLE.
Re: Heikki Linnakangas 2016-09-15 <7e4991a9-410f-5e1f-2a3a-e918e4a4b...@iki.fi>
> > I'm afraid it's not that easy - Debian 9 (stretch) will release at the
> > beginning of next year, and apt.postgresql.org will want to build
> > 9.2/9.3/9.4 for that distribution. I guess yum.postgresql.org will
> >
On 09/15/2016 05:33 PM, Christoph Berg wrote:
Re: Michael Paquier 2016-09-15
On Thu, Sep 15, 2016 at 8:57 PM, Heikki Linnakangas wrote:
I backpatched this to 9.5, but not further than that. The functions this
modified were moved around in 9.5, so the patch wouldn't apply as is. It
wouldn't b
Christoph Berg wrote:
> Re: Michael Paquier 2016-09-15
>
> > On Thu, Sep 15, 2016 at 8:57 PM, Heikki Linnakangas wrote:
> > > I backpatched this to 9.5, but not further than that. The functions this
> > > modified were moved around in 9.5, so the patch wouldn't apply as is. It
> > > wouldn't be
Re: Michael Paquier 2016-09-15
> On Thu, Sep 15, 2016 at 8:57 PM, Heikki Linnakangas wrote:
> > I backpatched this to 9.5, but not further than that. The functions this
> > modified were moved around in 9.5, so the patch wouldn't apply as is. It
> > wouldn't be difficult to back-patch further if
On Thu, Sep 15, 2016 at 8:57 PM, Heikki Linnakangas wrote:
> I backpatched this to 9.5, but not further than that. The functions this
> modified were moved around in 9.5, so the patch wouldn't apply as is. It
> wouldn't be difficult to back-patch further if there's demand, but I'm not
> eager to d
On 09/15/2016 03:16 AM, Andreas Karlsson wrote:
Now for a review:
It looks generally good but I think I saw one error. In
fe-secure-openssl.c your code still calls SSL_library_init() in OpenSSL
1.1. I think it should be enough to just call
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) like yo
On 09/15/2016 02:03 AM, Andreas Karlsson wrote:
On 09/12/2016 06:51 PM, Heikki Linnakangas wrote:
Changes since last version:
* Added more error checks to the my_BIO_s_socket() function. Check for
NULL result from malloc(). Check the return code of BIO_meth_set_*()
functions; looking at OpenSSL
On 09/12/2016 06:51 PM, Heikki Linnakangas wrote:
Changes since last version:
* Added more error checks to the my_BIO_s_socket() function. Check for
NULL result from malloc(). Check the return code of BIO_meth_set_*()
functions; looking at OpenSSL sources, they always succeed, but all the
test/e
On Tue, Sep 13, 2016 at 1:51 AM, Heikki Linnakangas wrote:
> I planned to commit this today, but while reading through it and testing, I
> ended up doing a bunch more changes, so this deserves another round of
> review.
OK, I am giving it a try. Note to people using OSX: at least for brew
there i
On 09/05/2016 02:52 PM, Heikki Linnakangas wrote:
On 09/05/2016 03:23 AM, Tom Lane wrote:
Judging by the number of people who have popped up recently with their
own OpenSSL 1.1 patches, I think there is going to be a lot of demand for
back-patching some sort of 1.1 support into our back branches
On 09/05/2016 03:12 AM, Andreas Karlsson wrote:
On 08/30/2016 08:42 AM, Heikki Linnakangas wrote:
There's the ResourceOwner mechanism, see src/backend/utils/resowner/.
That would be the proper way to do this. Call
RegisterResourceReleaseCallback() when the context is allocated, and
have the call
On Mon, Sep 5, 2016 at 9:32 AM, Andreas Karlsson wrote:
> On 09/05/2016 02:23 AM, Tom Lane wrote:
>>
>> Judging by the number of people who have popped up recently with their
>> own OpenSSL 1.1 patches, I think there is going to be a lot of demand for
>> back-patching some sort of 1.1 support into
On 09/05/2016 02:23 AM, Tom Lane wrote:
Judging by the number of people who have popped up recently with their
own OpenSSL 1.1 patches, I think there is going to be a lot of demand for
back-patching some sort of 1.1 support into our back branches. All this
talk of refactoring does not sound very
Andreas Karlsson writes:
> On 08/30/2016 08:42 AM, Heikki Linnakangas wrote:
>> PS. I just remembered that I've wanted to refactor the pgcrypto calls
>> for symmetric encryption to use the newer EVP API for some time, and
>> even posted a patch for that
>> (https://www.postgresql.org/message-id/56
On 08/30/2016 08:42 AM, Heikki Linnakangas wrote:
There's the ResourceOwner mechanism, see src/backend/utils/resowner/.
That would be the proper way to do this. Call
RegisterResourceReleaseCallback() when the context is allocated, and
have the callback free it. One pitfall to watch out for is tha
On 08/30/2016 03:26 AM, Andreas Karlsson wrote:
On 08/26/2016 11:31 AM, Heikki Linnakangas wrote:
On 07/05/2016 04:46 PM, Andreas Karlsson wrote:
@@ -280,8 +287,9 @@ px_find_digest(const char *name, PX_MD **res)
digest = px_alloc(sizeof(*digest));
digest->algo = md;
-EVP_MD_CTX_i
On 08/26/2016 11:31 AM, Heikki Linnakangas wrote:
On 07/05/2016 04:46 PM, Andreas Karlsson wrote:
@@ -280,8 +287,9 @@ px_find_digest(const char *name, PX_MD **res)
digest = px_alloc(sizeof(*digest));
digest->algo = md;
-EVP_MD_CTX_init(&digest->ctx);
-if (EVP_DigestInit_ex(&di
On 08/29/2016 07:22 PM, Heikki Linnakangas wrote:
Pushed with some small doc fixes, thanks Andreas! I'll continue
reviewing the rest of the patches.
Thanks!
Andreas
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgre
> Le 29 août 2016 à 19:46, Heikki Linnakangas a écrit :
>
>
> Tom, Rémi, can you fix locust and prairiedog, please, by updating OpenSSL or
> removing --with-openssl?
>
Hi,
Should be OK for locust on next build.
Rémi
Heikki Linnakangas writes:
> Buildfarm animals "locust" and "prairiedog" are not happy with this.
> They seem to be using OpenSSL 0.9.7, as they failed with errors related
> to those ECDH calls:
prairiedog definitely is, and since locust is also an ancient OS X
version, that's not too surprisin
On 08/29/2016 08:22 PM, Heikki Linnakangas wrote:
On 08/27/2016 05:15 PM, Peter Eisentraut wrote:
On 8/26/16 9:26 PM, Andreas Karlsson wrote:
I have attached a patch which removes the < 0.9.8 compatibility code.
Should we also add a version check to configure? We do not have any such
check curr
On 08/27/2016 05:15 PM, Peter Eisentraut wrote:
On 8/26/16 9:26 PM, Andreas Karlsson wrote:
I have attached a patch which removes the < 0.9.8 compatibility code.
Should we also add a version check to configure? We do not have any such
check currently.
I think that is not necessary.
I was goi
On 8/26/16 9:26 PM, Andreas Karlsson wrote:
> I have attached a patch which removes the < 0.9.8 compatibility code.
> Should we also add a version check to configure? We do not have any such
> check currently.
I think that is not necessary.
--
Peter Eisentraut http://www.2ndQuadra
On Sat, Aug 27, 2016 at 2:04 AM, Heikki Linnakangas wrote:
> On 08/26/2016 07:44 PM, Tom Lane wrote:
>> Peter Eisentraut writes:
>> Also, I get this on fully-up-to-date OS X (El Capitan):
>>
>> $ openssl version
>> OpenSSL 0.9.8zh 14 Jan 2016
>
>
> Ok, sold, let's remove support for OpenSSL < 0.9
On 08/26/2016 07:04 PM, Heikki Linnakangas wrote:
On 08/26/2016 07:44 PM, Tom Lane wrote:
Peter Eisentraut writes:
On 8/26/16 5:31 AM, Heikki Linnakangas wrote:
I think now would be a good time to drop support for OpenSSL versions
older than 0.9.8. OpenSSL don't even support 0.9.8 anymore, al
Heikki Linnakangas writes:
> Yeah, they want people to move to their own SSL library [1].
> [1] I couldn't find any official statement, but lots of blog posts
> saying the same thing.
As I recall, the deprecation warning messages said that in so many words.
That probably counts as an official s
On 08/26/2016 07:44 PM, Tom Lane wrote:
Peter Eisentraut writes:
On 8/26/16 5:31 AM, Heikki Linnakangas wrote:
I think now would be a good time to drop support for OpenSSL versions
older than 0.9.8. OpenSSL don't even support 0.9.8 anymore, although
there are probably distributions out there t
Peter Eisentraut writes:
> On 8/26/16 5:31 AM, Heikki Linnakangas wrote:
>> I think now would be a good time to drop support for OpenSSL versions
>> older than 0.9.8. OpenSSL don't even support 0.9.8 anymore, although
>> there are probably distributions out there that still provide patches
>> f
On 8/26/16 5:31 AM, Heikki Linnakangas wrote:
> I think now would be a good time to drop support for OpenSSL versions
> older than 0.9.8. OpenSSL don't even support 0.9.8 anymore, although
> there are probably distributions out there that still provide patches
> for it. But OpenSSL 0.9.7 and old
On 07/05/2016 04:46 PM, Andreas Karlsson wrote:
@@ -280,8 +287,9 @@ px_find_digest(const char *name, PX_MD **res)
digest = px_alloc(sizeof(*digest));
digest->algo = md;
- EVP_MD_CTX_init(&digest->ctx);
- if (EVP_DigestInit_ex(&digest->ctx, digest->algo, NULL) == 0)
+
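Review bot: The failure check on EVP_DigestInit_ex() is removed at the end of this hunk and its replacement is cut off in the excerpt; the new code needs to keep testing the return value. Since digest was just obtained from px_alloc() above, the failure path should also free it (and any separately allocated context) before returning, rather than leaking it.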
On 07/05/2016 11:13 AM, Victor Wagner wrote:
On Fri, 1 Jul 2016 02:27:03 +0200
Andreas Karlsson wrote:
0003-Remove-OpenSSL-1.1-deprecation-warnings.patch
Silence all warnings. This commit changes more things and is not
necessary for getting PostgreSQL to build against 1.1.
This patch breaks
On Fri, 1 Jul 2016 02:27:03 +0200
Andreas Karlsson wrote:
> 0003-Remove-OpenSSL-1.1-deprecation-warnings.patch
>
> Silence all warnings. This commit changes more things and is not
> necessary for getting PostgreSQL to build against 1.1.
This patch breaks a feature, which exists in PostgreSQL si
Re: Andreas Karlsson 2016-07-02
> On 07/01/2016 11:41 AM, Christoph Berg wrote:
> > thanks for the patches. I applied all three patches on top of HEAD
> > (10c0558f). The server builds and passes "make check", pgcrypto still
> > needs work, though:
>
> Thanks, I had forgotten pgcrypto.
pgcrypto
On 07/02/2016 02:45 AM, Andreas Karlsson wrote:
On 07/02/2016 02:28 AM, Alvaro Herrera wrote:
Generally, version number tests sprinkled all over the place are not
terribly nice. I think it would be better to get configure to define a
symbol like HAVE_BIO_METH_NEW. Not sure about the other hunk
On 07/02/2016 02:28 AM, Alvaro Herrera wrote:
static BIO_METHOD *
my_BIO_s_socket(void)
{
- if (!my_bio_initialized)
+ if (!my_bio_methods)
{
- memcpy(&my_bio_methods, BIO_s_socket(), sizeof(BIO_METHOD));
- my_bio_methods.bread = my_sock_read;
-
Thanks for this effort.
> static BIO_METHOD *
> my_BIO_s_socket(void)
> {
> - if (!my_bio_initialized)
> + if (!my_bio_methods)
> {
> - memcpy(&my_bio_methods, BIO_s_socket(), sizeof(BIO_METHOD));
> - my_bio_methods.bread = my_sock_read;
> - my_
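Review bot: With the guard in my_BIO_s_socket() changed to `if (!my_bio_methods)`, the pointer itself now serves as the initialised flag, so it should be assigned only after the method table has been allocated and every callback has been set successfully. If it is stored first and a later step fails, the next call passes the guard and returns a partially filled table. Build the table in a local variable, check the allocation result, and store it in my_bio_methods as the last step; the added lines are cut off in this excerpt, so that ordering needs confirming against the full patch.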
On 07/01/2016 11:41 AM, Christoph Berg wrote:
thanks for the patches. I applied all three patches on top of HEAD
(10c0558f). The server builds and passes "make check", pgcrypto still
needs work, though:
Thanks, I had forgotten pgcrypto.
When fixing pgcrypto I noticed that the OpenSSL team has
Re: Andreas Karlsson 2016-07-01 <688a438c-ccc2-0431-7100-26e418fc3...@proxel.se>
> Hi,
>
> Here is an initial set of patches related to OpenSSL 1.1. Everything should
> still build fine on older OpenSSL versions (and did when I tested with
> 1.0.2h).
Hi Andreas,
thanks for the patches. I applied
On Fri, Jul 1, 2016 at 10:10 AM, Michael Paquier
wrote:
> On Fri, Jul 1, 2016 at 5:02 PM, Magnus Hagander
> wrote:
> > Debian testing is still on 1.0.2h.
> > Debian experimental is on 1.1.0pre5.
> >
> > Not sure where beta2 enters the discussion, it's not mentioned anywhere on
> > their site?
>
>
On Fri, Jul 1, 2016 at 5:02 PM, Magnus Hagander wrote:
> Debian testing is still on 1.0.2h.
> Debian experimental is on 1.1.0pre5.
>
> Not sure where beta2 enters the discussion, it's not mentioned anywhere on
> their site?
Thanks. From the main page of openssl.org, pre5 is beta2.
--
Michael
On Fri, Jul 1, 2016 at 4:08 AM, Michael Paquier
wrote:
> On Fri, Jul 1, 2016 at 9:27 AM, Andreas Karlsson
> wrote:
> > Hi,
> >
> > Here is an initial set of patches related to OpenSSL 1.1. Everything
> should
> > still build fine on older OpenSSL versions (and did when I tested with
> > 1.0.2h).
On Fri, Jul 1, 2016 at 9:27 AM, Andreas Karlsson wrote:
> Hi,
>
> Here is an initial set of patches related to OpenSSL 1.1. Everything should
> still build fine on older OpenSSL versions (and did when I tested with
> 1.0.2h).
>
> 0001-Fixes-for-compiling-with-OpenSSL-1.1.patch
>
> This patch fixes
Hi,
Here is an initial set of patches related to OpenSSL 1.1. Everything
should still build fine on older OpenSSL versions (and did when I tested
with 1.0.2h).
0001-Fixes-for-compiling-with-OpenSSL-1.1.patch
This patch fixes the code so it builds with OpenSSL 1.1 (except the
CRYPTO_LOCK iss
On Tue, Jun 28, 2016 at 3:21 AM, Andreas Karlsson wrote:
> Yes, we could do that, but I do not think we should check for the existence
> of a backwards compatibility macro. Actually I think we may want to skip
> much of the OpenSSL initialization code when compiling against OpenSSL 1.1
> since the
On 06/27/2016 08:12 PM, Christoph Berg wrote:
Re: Andreas Karlsson 2016-06-27 <8a0a5959-0b83-3dc8-d9e7-66ce8c1c5...@proxel.se>
The errors you report make it sound like they broke API compatibility
wholesale. Was that really their intent? If so, where are the changes
documented?
I do not see
Re: Andreas Karlsson 2016-06-27 <8a0a5959-0b83-3dc8-d9e7-66ce8c1c5...@proxel.se>
> > The errors you report make it sound like they broke API compatibility
> > wholesale. Was that really their intent? If so, where are the changes
> > documented?
>
> I do not see that they have documented the remo
On 06/27/2016 05:24 PM, Tom Lane wrote:
Christoph Berg writes:
as reported by Debian's OpenSSL maintainers, PostgreSQL is failing to
build against a snapshot of the upcoming 1.1.0 version.
The errors you report make it sound like they broke API compatibility
wholesale. Was that really their
Christoph Berg writes:
> as reported by Debian's OpenSSL maintainers, PostgreSQL is failing to
> build against a snapshot of the upcoming 1.1.0 version.
The errors you report make it sound like they broke API compatibility
wholesale. Was that really their intent? If so, where are the changes
do
Hi,
as reported by Debian's OpenSSL maintainers, PostgreSQL is failing to
build against a snapshot of the upcoming 1.1.0 version. The report was
for 9.5.3, but I can reproduce it in HEAD as well:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828510
> OpenSSL 1.1.0 is about to be released. Durin