Add alternative output for OpenSSL 3 without legacy loaded

OpenSSL 3 introduced the concept of providers to support modularization, and moved the outdated ciphers to the new legacy provider. In case it's not loaded in the users openssl.cnf file there will be a lot of regress test failures, so add alternative outputs covering those. Also document the need to load the legacy provider in order to use older ciphers with OpenSSL-enabled pgcrypto. This will be backpatched to all supported version once there is sufficient testing in the buildfarm of OpenSSL 3. Reviewed-by: Michael Paquier Discussion: https://postgr.es/m/FEF81714-D479-4512-839B-C769D2605F8A@yesql.se Backpatch-through: 9.6
author: Daniel Gustafsson <dgustafsson@postgresql.org> 2021-09-25 11:27:28 +0200
committer: Daniel Gustafsson <dgustafsson@postgresql.org> 2021-09-25 11:27:28 +0200
commit: 8e7199453bf9fe142f3f4a5e17010320c24867e7 (patch)
tree: 20bbff0fdb1388b4c71388a6cfd74dbd0b94f813 /doc/src
parent: 135d8687adf12a0d4cd7c94d1095ed5a7a08f7ed (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/src/sgml/pgcrypto.sgml b/doc/src/sgml/pgcrypto.sgml
index 6fd645aa70a..49c07bdb6f5 100644
--- a/doc/src/sgml/pgcrypto.sgml
+++ b/doc/src/sgml/pgcrypto.sgml
@@ -1233,6 +1233,13 @@ gen_random_uuid() returns uuid
    </table>
 
    <para>
+    When compiled against <productname>OpenSSL</productname> 3.0.0 and later
+    versions, the legacy provider must be activated in the
+    <filename>openssl.cnf</filename> configuration file in order to use older
+    ciphers like DES or Blowfish.
+   </para>
+
+   <para>
     Notes:
    </para>
author	Daniel Gustafsson <dgustafsson@postgresql.org>	2021-09-25 11:27:28 +0200
committer	Daniel Gustafsson <dgustafsson@postgresql.org>	2021-09-25 11:27:28 +0200
commit	8e7199453bf9fe142f3f4a5e17010320c24867e7 (patch)
tree	20bbff0fdb1388b4c71388a6cfd74dbd0b94f813 /doc/src
parent	135d8687adf12a0d4cd7c94d1095ed5a7a08f7ed (diff)