From a70e01d4306fdbcd5fbedb4ca97e5c21c995da60 Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Mon, 2 Sep 2024 13:51:48 +0200 Subject: Remove support for OpenSSL older than 1.1.0 OpenSSL 1.0.2 has been EOL from the upstream OpenSSL project for some time, and is no longer the default OpenSSL version with any vendor which package PostgreSQL. By retiring support for OpenSSL 1.0.2 we can remove a lot of no longer required complexity for managing state within libcrypto which is now handled by OpenSSL. Reviewed-by: Jacob Champion Reviewed-by: Peter Eisentraut Reviewed-by: Michael Paquier Discussion: https://postgr.es/m/ZG3JNursG69dz1lr@paquier.xyz Discussion: https://postgr.es/m/CA+hUKGKh7QrYzu=8yWEUJvXtMVm_CNWH1L_TLWCbZMwbi1XP2Q@mail.gmail.com --- src/interfaces/libpq/fe-connect.c | 18 ------------------ 1 file changed, 18 deletions(-) (limited to 'src/interfaces/libpq/fe-connect.c') diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index 4cd7281b6ed..3fa2dd864fe 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -3342,16 +3342,6 @@ keep_going: /* We will come back to here until there is #ifdef USE_SSL - /* - * Enable the libcrypto callbacks before checking if SSL needs - * to be done. This is done before sending the startup packet - * as depending on the type of authentication done, like MD5 - * or SCRAM that use cryptohashes, the callbacks would be - * required even without a SSL connection - */ - if (pqsecure_initialize(conn, false, true) < 0) - goto error_return; - /* * If SSL is enabled, start the SSL negotiation. We will come * back here after SSL encryption has been established, with @@ -3544,14 +3534,6 @@ keep_going: /* We will come back to here until there is } } - /* - * Set up global SSL state if required. The crypto state has - * already been set if libpq took care of doing that, so there - * is no need to make that happen again. - */ - if (pqsecure_initialize(conn, true, false) != 0) - goto error_return; - /* * Begin or continue the SSL negotiation process. */ -- cgit v1.2.3