On Mon Jul 13, 2026 at 2:17 PM UTC, Daniel Gustafsson wrote: > I've been collecting a few small fixups to the OpenSSL code and figured it was > time to send them over to keep the number of fixes more manageable. > > * 0001: Remove the use of static variable to not interfere with the future > multithreading efforts > * 0002: Replace SSLv23_method with TLS_method, it has been an alias to the new > name since 2015 in OpenSSL > * 0003: Replace deprecated API X509_NAME_get_text_by_NID with the recommended > alternative X509_NAME_get_index_by_NID + X509_NAME_get_entry. The API was > deprecated in OpenSSL 4 and risk getting removed, with the alternatives > being > available in all supported versions. > * 0004: Fix TLS protocol detection. We have been using the wrong macro for > feature test for a long time, replace with the actual feature test macro. > (There is no protocol downgrade here, it will error out when > misconfiguring). > > None of these change existing functionality or introduce new functionality.
The patches look good. I did have one comment in patch 0001. For the hasWarned argument to init_host_context, do we you think we should add an Assert(hasWarned) or add a pg_attribute_nonnull(3)? I see we dereference the pointer without first checking for its validity. I know it isn't common in Postgres source code to add such protections, but I figured I would point it out anyway. -- Tristan Partin PostgreSQL Contributors Team AWS (https://aws.amazon.com)
