Add alternative output for OpenSSL 3 without legacy loaded

OpenSSL 3 introduced the concept of providers to support modularization, and moved the outdated ciphers to the new legacy provider. In case it's not loaded in the users openssl.cnf file there will be a lot of regress test failures, so add alternative outputs covering those. Also document the need to load the legacy provider in order to use older ciphers with OpenSSL-enabled pgcrypto. This will be backpatched to all supported version once there is sufficient testing in the buildfarm of OpenSSL 3. Reviewed-by: Michael Paquier Discussion: https://postgr.es/m/FEF81714-D479-4512-839B-C769D2605F8A@yesql.se Backpatch-through: 9.6
author: Daniel Gustafsson <dgustafsson@postgresql.org> 2021-09-25 11:27:28 +0200
committer: Daniel Gustafsson <dgustafsson@postgresql.org> 2021-09-25 11:27:28 +0200
commit: 7b6ce36fbab522ced3860fa43fcb587efda29ac8 (patch)
tree: 92c0b652bf55177c4fec85308f0ee36bbabcf6e2 /doc/src
parent: 00c72da4a22d9883b1e511ff140bd47cc75d536d (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/src/sgml/pgcrypto.sgml b/doc/src/sgml/pgcrypto.sgml
index fa20c07a520..d8ba9f26b11 100644
--- a/doc/src/sgml/pgcrypto.sgml
+++ b/doc/src/sgml/pgcrypto.sgml
@@ -1226,6 +1226,13 @@ gen_random_uuid() returns uuid
    </table>
 
    <para>
+    When compiled against <productname>OpenSSL</productname> 3.0.0 and later
+    versions, the legacy provider must be activated in the
+    <filename>openssl.cnf</filename> configuration file in order to use older
+    ciphers like DES or Blowfish.
+   </para>
+
+   <para>
     Notes:
    </para>
author	Daniel Gustafsson <dgustafsson@postgresql.org>	2021-09-25 11:27:28 +0200
committer	Daniel Gustafsson <dgustafsson@postgresql.org>	2021-09-25 11:27:28 +0200
commit	7b6ce36fbab522ced3860fa43fcb587efda29ac8 (patch)
tree	92c0b652bf55177c4fec85308f0ee36bbabcf6e2 /doc/src
parent	00c72da4a22d9883b1e511ff140bd47cc75d536d (diff)