From a70e01d4306fdbcd5fbedb4ca97e5c21c995da60 Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Mon, 2 Sep 2024 13:51:48 +0200 Subject: Remove support for OpenSSL older than 1.1.0 OpenSSL 1.0.2 has been EOL from the upstream OpenSSL project for some time, and is no longer the default OpenSSL version with any vendor which package PostgreSQL. By retiring support for OpenSSL 1.0.2 we can remove a lot of no longer required complexity for managing state within libcrypto which is now handled by OpenSSL. Reviewed-by: Jacob Champion Reviewed-by: Peter Eisentraut Reviewed-by: Michael Paquier Discussion: https://postgr.es/m/ZG3JNursG69dz1lr@paquier.xyz Discussion: https://postgr.es/m/CA+hUKGKh7QrYzu=8yWEUJvXtMVm_CNWH1L_TLWCbZMwbi1XP2Q@mail.gmail.com --- doc/src/sgml/installation.sgml | 2 +- doc/src/sgml/libpq.sgml | 36 ++++++++++++++++-------------------- 2 files changed, 17 insertions(+), 21 deletions(-) (limited to 'doc/src') diff --git a/doc/src/sgml/installation.sgml b/doc/src/sgml/installation.sgml index 9e5a35ca3fe..ff9abd4649d 100644 --- a/doc/src/sgml/installation.sgml +++ b/doc/src/sgml/installation.sgml @@ -293,7 +293,7 @@ encrypted client connections. OpenSSL is also required for random number generation on platforms that do not have /dev/urandom (except Windows). The minimum - required version is 1.0.2. + required version is 1.1.0. diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index f916fce4142..25646f6f8e0 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml 
@@ -9865,9 +9865,11 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*) SSL Library Initialization - If your application initializes libssl and/or - libcrypto libraries and libpq - is built with SSL support, you should call + Applications which need to be compatible with older versions of + PostgreSQL, using OpenSSL + version 1.0.2 or older, need to initialize the SSL library before using it. + Applications which initialize libssl and/or + libcrypto libraries should call to tell libpq that the libssl and/or libcrypto libraries have been initialized by your application, so that @@ -9875,6 +9877,10 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*) However, this is unnecessary when using OpenSSL version 1.1.0 or later, as duplicate initializations are no longer problematic. + + Refer to the documentation for the version of PostgreSQL + that you are targeting for details on their use. + @@ -9890,21 +9896,8 @@ void PQinitOpenSSL(int do_ssl, int do_crypto); - When do_ssl is non-zero, libpq - will initialize the OpenSSL library before first - opening a database connection. When do_crypto is - non-zero, the libcrypto library will be initialized. By - default (if is not called), both libraries - are initialized. When SSL support is not compiled in, this function is - present but does nothing. - - - - If your application uses and initializes either OpenSSL - or its underlying libcrypto library, you must - call this function with zeroes for the appropriate parameter(s) - before first opening a database connection. Also be sure that you - have done that initialization before opening a database connection. + This function is deprecated and only present for backwards compatibility, + it does nothing. 
@@ -9921,11 +9914,14 @@ void PQinitSSL(int do_ssl); This function is equivalent to PQinitOpenSSL(do_ssl, do_ssl). - It is sufficient for applications that initialize both or neither - of OpenSSL and libcrypto. + This function is deprecated and only present for backwards compatibility, + it does nothing. + and + are maintained for backwards compatibility, but are no longer required + since PostgreSQL 18. has been present since PostgreSQL 8.0, while was added in PostgreSQL 8.4, so -- cgit v1.2.3
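Review bot: in the doc/src/sgml/libpq.sgml hunk at @@ -9865, the second added sentence ("Applications which initialize libssl and/or libcrypto libraries should call") is not scoped to the old-version case that the first added sentence introduces, so it reads as a standing recommendation to call a function that the later hunks document as doing nothing. The first sentence is also ambiguous about who performs the initialization: "need to initialize the SSL library before using it" can be read as telling every such application to initialize OpenSSL itself, which is not what the removed text said. Suggest merging the two sentences so the condition (an older PostgreSQL built against OpenSSL 1.0.2 or older) governs the call as well.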
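Review bot: in the hunk at @@ -9875, the added paragraph ends with "for details on their use", but "their" has no antecedent nearby; the sentence just before it is about duplicate initializations, not about the functions. Name the two functions explicitly in that sentence so it still makes sense when read on its own.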
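Review bot: in the hunk at @@ -9890, the replacement text drops every mention of do_ssl and do_crypto while the prototype "void PQinitOpenSSL(int do_ssl, int do_crypto);" stays, so the entry no longer tells a reader what the arguments mean or that they are now ignored. A short "Both arguments are ignored." would cover it. The added sentence is also a comma splice ("... backwards compatibility, it does nothing."); a semicolon or "and" would fix that, and the same wording is repeated in the @@ -9921 hunk.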
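Review bot: in the hunk at @@ -9921, the retained context line "This function is equivalent to PQinitOpenSSL(do_ssl, do_ssl)." is now immediately followed by "it does nothing", which makes the equivalence statement redundant. Either drop it or say the argument is ignored. The added "no longer required since PostgreSQL 18" also states the cutoff as a PostgreSQL version, while the context kept in the @@ -9875 hunk states it as "OpenSSL version 1.1.0 or later". Both conditions now appear in the same section with nothing to relate them, so one sentence saying how they fit together would help readers who support several releases.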