Re: El Capitan Removes OpenSSL Headers

On Tue, Dec 1, 2015 at 3:14 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Robert Haas <robertmhaas@gmail.com> writes:
>> On Tue, Dec 1, 2015 at 2:56 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>> "David E. Wheeler" <david@justatheory.com> writes:
>>>> I don’t suppose anyone has looked at what it would take to get PostgreSQL use Secure Transport, right?
>
>>> This is going to put a bit more urgency into the project Heikki had been
>>> working on to allow use of more than one SSL implementation.  I can't
>>> really see us back-porting that, though, which is going to leave things
>>> in a fairly nasty place for all pre-9.6 branches ...
>
>> I think it'd be great to finish that project, but having to use
>> MacPorts to install the headers isn't really a big deal, is it?
>
> Well, you'd have to use MacPorts' version of the openssl libraries,
> too, since there'd be no certainty that their headers match the
> Apple-provided libraries (in fact, I'd bet a lot that they don't).
> This would be a pain if you wanted to put your compiled PG executables
> on some other Mac.

Yeah, I guess it means that people building for MacOS X will probably
have to ship OpenSSL as a dependency, which also means that they will
need to update it when new versions are released.  That is already a
pretty obnoxious disease on Windows, and it's unfortunate to see it
spreading.  It would save us a good deal of staff time here at
EnterpriseDB if we didn't have to do new releases of everything on
Windows every time there is an OpenSSL update.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company