Removing broken support for OpenSSL without ECDH

Started by Daniel Gustafsson, 2 days ago, 2 messages, hackers
#1 Daniel Gustafsson
daniel@yesql.se

Commit 316472146 introduced support for ECDH key exchange in 2013, honoring the
OPENSSL_NO_ECDH macro for checking if OpenSSL supports ECDH. A few years later
in 2015 OpenSSL removed the macro OPENSSL_NO_ECDH by merging OPENSSL_NO_ECDH
and OPENSSL_NO_ECDSA into a single OPENSSL_NO_EC macro in commit 10bf4fc2c [0].
PostgreSQL never got the memo though, so our check has been defunct ever since.

That being said, using OpenSSL without ECDH support sounds like an anti-feature
and not something we want to re-introduce support for, so I propose just
removing our useless guards as per the attached. There is clearly no need for
backpatching, but I propose applying to master as it cleans up the code.

Also, scanning the archives I was unable to find anyone complaining about this
not working (which came as no surprise).

--
Daniel Gustafsson

[0]: https://github.com/openssl/openssl/commit/10bf4fc2c

Attachments:

0001-Remove-incorrect-OpenSSL-feature-guards.patch (application/octet-stream, x-unix-mode=0644), +1 -6
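
The dead-guard problem described in message #1 can be checked for mechanically. The following is an added example, not part of the thread or the attached patch: a scanner that flags preprocessor conditionals testing the two macros the message says were merged into OPENSSL_NO_EC. The function names and the sample input are assumptions made for illustration.

```python
import re

# Per the thread: OpenSSL commit 10bf4fc2c merged these two macros into
# OPENSSL_NO_EC, so a guard that tests either one can never fire.
RETIRED = {"OPENSSL_NO_ECDH": "OPENSSL_NO_EC", "OPENSSL_NO_ECDSA": "OPENSSL_NO_EC"}

# Conditional directives only; whitespace is allowed around '#'.
DIRECTIVE = re.compile(r"^\s*#\s*(if|ifdef|ifndef|elif)\b(.*)$")
MACRO = re.compile(r"\b[A-Za-z_][A-Za-z0-9_]*\b")

def logical_lines(text):
    """Yield (first_line_number, line) with backslash continuations folded."""
    buf, start = "", None
    for no, line in enumerate(text.splitlines(), 1):
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if start is not None:  # file ended in the middle of a continuation
        yield start, buf

def find_stale_guards(text):
    """Return [(line, directive, retired_macro, merged_into)] for each hit."""
    hits = []
    for no, line in logical_lines(text):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        expr = re.sub(r"/\*.*?\*/|//.*", "", m.group(2))  # drop trailing comments
        hits += [(no, m.group(1), name, RETIRED[name])
                 for name in MACRO.findall(expr) if name in RETIRED]
    return hits

# Constructed sample input, not PostgreSQL source. USE_TLS is a made-up macro.
SAMPLE = """\
#ifndef OPENSSL_NO_ECDH
#endif
#if defined(USE_TLS) && \\
    !defined(OPENSSL_NO_ECDSA)
#endif
/* #ifdef OPENSSL_NO_ECDH inside a comment is not a directive */
#ifndef OPENSSL_NO_EC
#endif
"""

if __name__ == "__main__":
    for no, directive, macro, merged in find_stale_guards(SAMPLE):
        print(f"line {no}: #{directive} tests {macro} (merged into {merged})")
```
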
#2 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Daniel Gustafsson (#1)
Re: Removing broken support for OpenSSL without ECDH

Daniel Gustafsson <daniel@yesql.se> writes:

> That being said, using OpenSSL without ECDH support sounds like an anti-feature
> and not something we want to re-introduce support for, so I propose just
> removing our useless guards as per the attached. There is clearly no need for
> backpatching, but I propose applying to master as it cleans up the code.

LGTM.

regards, tom lane