On Sat, Aug 27, 2016 at 2:04 AM, Heikki Linnakangas <hlinnaka@iki.fi> wrote:
> On 08/26/2016 07:44 PM, Tom Lane wrote:
>> Peter Eisentraut <peter.eisentraut@2ndquadrant.com> writes:
>> Also, I get this on fully-up-to-date OS X (El Capitan):
>>
>> $ openssl version
>> OpenSSL 0.9.8zh 14 Jan 2016
>
>
> Ok, sold, let's remove support for OpenSSL < 0.9.8.
Yes I think it's a wiser plan to not brush up newer versions than that.
>> Worth noting though is that without -Wno-deprecated-declarations, you
>> find that Apple has sprinkled the entire OpenSSL API with deprecation
>> warnings. That suggests that their plan for the future is to drop it
>> rather than update it. Should we be thinking ahead to that?
>
>
> Yeah, they want people to move to their own SSL library [1]. I doubt they
> will actually remove it any time soon, but who knows. It would be a good
> project for someone with an OS X system and some spare time, to write a
> patch to build with OS X's native SSL library instead of OpenSSL. The code
> is structured nicely to enable that now.
>
> [1] I couldn't find any official statement, but lots of blog posts saying
> the same thing.
As well on El Capitan:
$ ssh -V
OpenSSH_6.9p1, LibreSSL 2.1.8
So could it be possible that it would be a switch from openssl to
libressl instead?
--
Michael