database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-27 12:41:57 +03:00
Code Activity

Remove support for OpenSSL versions older than 0.9.8.

Browse Source 
OpenSSL officially only supports 1.0.1 and newer. Some OS distributions
still provide patches for 0.9.8, but anything older than that is not
interesting anymore. Let's simplify things by removing compatibility code.

Andreas Karlsson, with small changes by me.
This commit is contained in:
Heikki Linnakangas
2016-08-29 20:16:02 +03:00
parent cf34fdbbe1
commit 9b7cd59af1
7 changed files with 20 additions and 206 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
doc/src/sgml/installation.sgml
View File

@ -252,10 +252,17 @@ su - postgres
<listitem>
<para>
You need <application>Kerberos</>, <productname>OpenSSL</>,
<productname>OpenLDAP</>, and/or
<application>PAM</>, if you want to support authentication or
encryption using those services.
You need <productname>OpenSSL</>, if you want to support
encrypted client connections. The minimum required version is
0.9.8.
</para>
</listitem>
<listitem>
<para>
You need <application>Kerberos</>, <productname>OpenLDAP</>,
and/or <application>PAM</>, if you want to support authentication
using those services.
</para>
</listitem>
@ -2826,30 +2833,6 @@ MANPATH=/usr/lib/scohelp/%L/man:/usr/dt/man:/usr/man:/usr/share/man:scohelp:/usr
</para>
</sect3>
<sect3>
<title>Problems with OpenSSL</title>
<para>
When you build PostgreSQL with OpenSSL support you might get
compilation errors in the following files:
<itemizedlist>
<listitem><para><filename>src/backend/libpq/crypt.c</filename></para></listitem>
<listitem><para><filename>src/backend/libpq/password.c</filename></para></listitem>
<listitem><para><filename>src/interfaces/libpq/fe-auth.c</filename></para></listitem>
<listitem><para><filename>src/interfaces/libpq/fe-connect.c</filename></para></listitem>
</itemizedlist>
This is because of a namespace conflict between the standard
<filename>/usr/include/crypt.h</filename> header and the header
files provided by OpenSSL.
</para>
<para>
Upgrading your OpenSSL installation to version 0.9.6a fixes this
problem. Solaris 9 and above has a newer version of OpenSSL.
</para>
</sect3>
<sect3>
<title>configure Complains About a Failed Test Program</title>

3
doc/src/sgml/libpq.sgml
View File

@ -1238,8 +1238,7 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
<listitem>
<para>
If set to 1 (default), data sent over SSL connections will be
compressed (this requires <productname>OpenSSL</> version
0.9.8 or later).
compressed.
If set to 0, compression will be disabled (this requires
<productname>OpenSSL</> 1.0.0 or later).
This parameter is ignored if a connection without SSL is made,

18
doc/src/sgml/pgcrypto.sgml
View File

@ -1184,12 +1184,12 @@ gen_random_uuid() returns uuid
<row>
<entry>SHA224/256/384/512</entry>
<entry>yes</entry>
<entry>yes (Note 1)</entry>
<entry>yes</entry>
</row>
<row>
<entry>Other digest algorithms</entry>
<entry>no</entry>
<entry>yes (Note 2)</entry>
<entry>yes (Note 1)</entry>
</row>
<row>
<entry>Blowfish</entry>
@ -1199,7 +1199,7 @@ gen_random_uuid() returns uuid
<row>
<entry>AES</entry>
<entry>yes</entry>
<entry>yes (Note 3)</entry>
<entry>yes</entry>
</row>
<row>
<entry>DES/3DES/CAST5</entry>
@ -1230,12 +1230,6 @@ gen_random_uuid() returns uuid
</para>
<orderedlist>
<listitem>
<para>
SHA2 algorithms were added to OpenSSL in version 0.9.8. For
older versions, <filename>pgcrypto</> will use built-in code.
</para>
</listitem>
<listitem>
<para>
Any digest algorithm OpenSSL supports is automatically picked up.
@ -1243,12 +1237,6 @@ gen_random_uuid() returns uuid
explicitly.
</para>
</listitem>
<listitem>
<para>
AES is included in OpenSSL since version 0.9.7. For
older versions, <filename>pgcrypto</> will use built-in code.
</para>
</listitem>
</orderedlist>
</sect3>