On 2023-02-07 Tu 02:18, Peter Eisentraut wrote:
On 06.02.23 16:56, Andrew Dunstan wrote:
I recently moved crake to a new machine running Fedora 36, which has
OpenSSL 3.0.0. This causes the SSL tests to fail on branches earlier
than release 13, so I propose to backpatch commit f0d2c65f17 to the
release 11 and 12 branches.
This is not the only patch that we did to support OpenSSL 3.0.0. There
was a very lengthy discussion that resulted in various patches.
Unless we have a complete analysis of what was done and how it affects
various branches, I would not do this. Notably, we did actually
consider what to backpatch, and the current state is the result of
that. So let's not throw that away without considering that
carefully. Even if it gets it to compile, I personally would not
*trust* it without that analysis. I think we should just leave it
alone and consider OpenSSL 3.0.0 unsupported in the branches were it
is now unsupported. OpenSSL 1.1.1 is still supported upstream to
serve those releases.
The only thing this commit does is replace a DES encrypted key file with
one encrypted with AES-256. It doesn't affect compilation at all, and
shouldn't affect tests run with 1.1.1.
I guess the alternatives are a) disable the SSL tests on branches <= 12
or b) completely disable building with SSL for branches <= 12. I would
probably opt for a). I bet this crops up a few more times as OpenSSL
3.0.0 becomes more widespread, until release 12 goes EOL.
cheers
andrew
--
Andrew Dunstan
EDB:https://www.enterprisedb.com
