authorDaniel Gustafsson <dgustafsson@postgresql.org>2024-09-02 13:51:48 +0200
committerDaniel Gustafsson <dgustafsson@postgresql.org>2024-09-02 13:51:48 +0200
commita70e01d4306fdbcd5fbedb4ca97e5c21c995da60 (patch)
tree78a6e4588190fcd1568f98f28b3b38eef028c8e6 /src/include/common/openssl.h
parent6ebeeae29626e742bbe16db3fa6fccf1186c0dfb (diff)
Remove support for OpenSSL older than 1.1.0
OpenSSL 1.0.2 has been EOL from the upstream OpenSSL project for some time, and is no longer the default OpenSSL version with any vendor which packages PostgreSQL. By retiring support for OpenSSL 1.0.2 we can remove a lot of no longer required complexity for managing state within libcrypto which is now handled by OpenSSL. Reviewed-by: Jacob Champion <jacob.champion@enterprisedb.com> Reviewed-by: Peter Eisentraut <peter@eisentraut.org> Reviewed-by: Michael Paquier <michael@paquier.xyz> Discussion: https://postgr.es/m/ZG3JNursG69dz1lr@paquier.xyz Discussion: https://postgr.es/m/CA+hUKGKh7QrYzu=8yWEUJvXtMVm_CNWH1L_TLWCbZMwbi1XP2Q@mail.gmail.com
Diffstat (limited to 'src/include/common/openssl.h')
-rw-r--r--src/include/common/openssl.h14
1 files changed, 4 insertions, 10 deletions
diff --git a/src/include/common/openssl.h b/src/include/common/openssl.h
index 964d691d32d..cc54604e6e8 100644
--- a/src/include/common/openssl.h
+++ b/src/include/common/openssl.h
@@ -18,10 +18,10 @@
#include <openssl/ssl.h>
/*
- * OpenSSL doesn't provide any very nice way to identify the min/max
- * protocol versions the library supports, so we fake it as best we can.
- * Note in particular that this doesn't account for restrictions that
- * might be specified in the installation's openssl.cnf.
+ * LibreSSL doesn't provide any very nice way to identify the max protocol
+ * versions the library supports, analogous to TLS_MAX_VERSION in OpenSSL, so
+ * we define our own. Note in particular that this doesn't account for
+ * restrictions that might be specified in the installation's openssl.cnf.
*
* We disable SSLv3 and older in library setup, so TLSv1 is the oldest
* protocol version of interest.
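Review bot: The rewritten comment at the top of this hunk says "max protocol versions" where a single value is meant, and it names openssl.cnf as the only thing the value ignores. Because the value is a `#define`, it is fixed at build time and presumably also says nothing about the libssl actually loaded at run time. I would word the first sentence as `LibreSSL has no equivalent of OpenSSL's TLS_MAX_VERSION for identifying the maximum protocol version the library supports, so we define our own at build time.` and extend the caveat to `This doesn't account for restrictions in the installation's openssl.cnf, nor for a different library version being loaded at run time.` The comment block and the definitions it describes continue outside the hunk, so whether the macro is set only for LibreSSL builds or for both libraries cannot be confirmed from here; if it is both, the comment should say so.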
@@ -38,12 +38,6 @@
#define MAX_OPENSSL_TLS_VERSION "TLSv1"
#endif
-/* src/common/protocol_openssl.c */
-#ifndef SSL_CTX_set_min_proto_version
-extern int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
-extern int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
-#endif
-
#endif /* USE_OPENSSL */
#endif /* COMMON_OPENSSL_H */