Re: To Heikki Linnakangas 2016-09-15 <20160915213406.2mjlhcg7px3saynq@msg.df7cb.de>
> > Can you elaborate? Are you saying that Debian 9 (strect) will not ship
> > OpenSSL 1.0.2 anymore, and will require using OpenSSL 1.1.0?
>
> I thought that was the plan, but upon asking on #debian-devel, it
> seems it's not set yet. I'll ask the maintainers directly and report
> back.
The plan is to ship only OpenSSL 1.1 in Stretch. (The list of packages
not yet ported is enormous, though, so I'm not yet sure it will really
happen.)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827061
Re: Tom Lane 2016-09-16 <17025.1473977329@sss.pgh.pa.us>
> > Here is the result of backporting the sum of the two patches on top of
> > REL9_4_STABLE. Not sure if we need this, but if we do we can apply this
> > patch.
>
> If someone's done the legwork, I think we would be well advised to
> back-patch. Maybe not bother with 9.1 though.
Thanks for the patch!
I just tried to apply it to 9.2. There was a conflict in configure.in which was
trivial to resolve.
Another conflict in contrib/pgcrypto/pgcrypto.c was not applicable
because the code doesn't seem to exist (didn't try very hard though).
Ignoring the contrib conflict, it still didn't compile:
/home/cbe/projects/postgresql/debian/9.2/build/../src/backend/libpq/be-secure.c: In function ‘secure_write’:
/home/cbe/projects/postgresql/debian/9.2/build/../src/backend/libpq/be-secure.c:342:17: error: dereferencing pointer to
incompletetype ‘SSL {aka struct ssl_st}’ if (port->ssl->state != SSL_ST_OK) ^~
/home/cbe/projects/postgresql/debian/9.2/build/../src/backend/libpq/be-secure.c:342:28: error: ‘SSL_ST_OK’ undeclared
(firstuse in this function) if (port->ssl->state != SSL_ST_OK) ^~~~~~~~~
Christoph