On Wed, May 7, 2025 at 4:34 PM Tom Lane <t...@sss.pgh.pa.us> wrote:
> Thanks, I'll look into reporting it tomorrow. In the meantime,
> I couldn't help noticing that the backtraces went through
> lib/libssl/tls13_legacy.c, which doesn't give a warm feeling
> about how supported they think our usage is (and perhaps also
> explains why they didn't detect this bug themselves). This is
> evidently because we set up the SSL context with SSLv23_method(),
> per this comment in be_tls_init():

Oh, interesting. I also wondered if the problem I reported might be related to the separate legacy code paths in x509_vfy.c.