Subject: Re: PostgreSQL and OpenSSL 4.0.0
From: Daniel Gustafsson
Date: Tue, 26 May 2026 10:16:40 +0200
To: Michael Paquier
Cc: Tom Lane, PostgreSQL-development

> On 26 May 2026, at 08:02, Michael Paquier wrote:
>
> On Tue, May 19, 2026 at 02:18:08PM -0700, Daniel Gustafsson wrote:
>>> On 8 May 2026, at 00:21, Daniel Gustafsson wrote:
>>
>>> I think the changes are straightforward enough that we can go ahead with them.
>>> I'll re-test and re-post a new patchset for all branches once the minors ship.
>>
>> Attached are rebased versions of this patchset for v14-master.
>
> I have a question here.  Most of the changes relate to the use of const
> where the OpenSSL APIs require these to be so, but why is this a new
> requirement for 4.0?  I can see that for most of the upstream
> routines, the const changes are much older, like in 8cc86b81ac20 for
> X509_NAME_get_text_by_NID() applying down to branch openssl-3.0.

It is very true that OpenSSL has been constifying the API over time; the change
in 4.0 revolves around making more return values const.  In the case at hand,
X509_get_subject_name() now returns a const X509_NAME pointer since commit
b0f2107b4404.  This wouldn't be a problem since X509_NAME_get_text_by_NID()
does as you say take a const parameter, but since we have shoehorned LibreSSL
support into the same file we are tied to the least common denominator and
LibreSSL is far behind OpenSSL on constifying.  So in this case, we need to
unconstify() to keep LibreSSL compiling.

I have plans for fixing this in v20 but for 14-19 there isn't much we can do
except unconstifying.

--
Daniel Gustafsson
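
The const mismatch described in the reply above, as an added example that is not part of the original message and is not PostgreSQL, OpenSSL or LibreSSL code: a getter that returns a const pointer feeds a read-only lookup whose prototype was never constified, and the cast between them is type-checked at compile time. Every `demo_*` name and the sample certificate name are constructed stand-ins, and `demo_unconstify` is a hypothetical macro written for this illustration.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in for X509_NAME; the real type is opaque and library-defined. */
typedef struct { char cn[64]; } demo_name;
typedef struct { demo_name subject; } demo_cert;

/* Models the newer getter style: the returned pointer is const. */
static const demo_name *demo_get_subject_name(const demo_cert *cert)
{
    return &cert->subject;
}

/* Models a read-only lookup whose prototype was never constified. */
static int demo_get_text_legacy(demo_name *name, char *buf, int len)
{
    size_t n = strlen(name->cn);
    if (buf == NULL)
        return (int) n;            /* length query, nothing written */
    if (len <= 0 || n >= (size_t) len)
        return -1;                 /* refuse to truncate */
    memcpy(buf, name->cn, n + 1);
    return (int) n;
}

/*
 * Checked const removal: _Generic only has a branch for "const type *", so
 * passing any other pointer type fails to compile instead of being silently
 * reinterpreted, which a bare (type *) cast would allow.
 */
#define demo_unconstify(type, expr) \
    _Generic((expr), const type *: (type *) (expr))

/* Caller written once against both prototypes. */
static int peer_cn(const demo_cert *cert, char *buf, int len)
{
    const demo_name *name = demo_get_subject_name(cert);

    /* Safe only because the callee never writes through the pointer. */
    return demo_get_text_legacy(demo_unconstify(demo_name, name), buf, len);
}

int main(void)
{
    demo_cert cert = { { "db.example.internal" } };   /* constructed sample */
    char cn[64];
    return peer_cn(&cert, cn, (int) sizeof cn) > 0 ? 0 : 1;
}
```

Dropping const this way is only sound while the callee really is read-only; if the less-constified library ever wrote through the pointer, the cast would hide undefined behaviour from the compiler.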