On 08/26/2016 07:44 PM, Tom Lane wrote:
Peter Eisentraut <peter.eisentr...@2ndquadrant.com> writes:
On 8/26/16 5:31 AM, Heikki Linnakangas wrote:
I think now would be a good time to drop support for OpenSSL versions
older than 0.9.8. OpenSSL don't even support 0.9.8 anymore, although
there are probably distributions out there that still provide patches
for it. But OpenSSL 0.9.7 and older are really not interesting for
PostgreSQL 10 anymore, I think.

CentOS 5 currently ships 0.9.8e.  That's usually the oldest OS we want
to support eagerly.

Also, I get this on fully-up-to-date OS X (El Capitan):

$ openssl version
OpenSSL 0.9.8zh 14 Jan 2016

Ok, sold, let's remove support for OpenSSL < 0.9.8.

Worth noting though is that without -Wno-deprecated-declarations, you
find that Apple has sprinkled the entire OpenSSL API with deprecation
warnings.  That suggests that their plan for the future is to drop it
rather than update it.  Should we be thinking ahead to that?

Yeah, they want people to move to their own SSL library [1]. I doubt they will actually remove it any time soon, but who knows. It would be a good project for someone with an OS X system and some spare time, to write a patch to build with OS X's native SSL library instead of OpenSSL. The code is structured nicely to enable that now.

[1] I couldn't find any official statement, but lots of blog posts saying the same thing.

- Heikki

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to