On 2023-02-07 Tu 02:18, Peter Eisentraut wrote:
On 06.02.23 16:56, Andrew Dunstan wrote:
I recently moved crake to a new machine running Fedora 36, which has OpenSSL 3.0.0. This causes the SSL tests to fail on branches earlier than release 13, so I propose to backpatch commit f0d2c65f17 to the release 11 and 12 branches.
This is not the only patch that we did to support OpenSSL 3.0.0. There was a very lengthy discussion that resulted in various patches. Unless we have a complete analysis of what was done and how it affects various branches, I would not do this. Notably, we did actually consider what to backpatch, and the current state is the result of that. So let's not throw that away without considering that carefully. Even if it gets it to compile, I personally would not *trust* it without that analysis. I think we should just leave it alone and consider OpenSSL 3.0.0 unsupported in the branches were it is now unsupported. OpenSSL 1.1.1 is still supported upstream to serve those releases.
The only thing this commit does is replace a DES encrypted key file with one encrypted with AES-256. It doesn't affect compilation at all, and shouldn't affect tests run with 1.1.1.
I guess the alternatives are a) disable the SSL tests on branches <= 12 or b) completely disable building with SSL for branches <= 12. I would probably opt for a). I bet this crops up a few more times as OpenSSL 3.0.0 becomes more widespread, until release 12 goes EOL.
cheers
andrew
--
Andrew Dunstan
EDB: https://www.enterprisedb.com