From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
---|---|
To: | Jacob Champion <pchampion(at)vmware(dot)com> |
Cc: | "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "andrew(dot)dunstan(at)2ndquadrant(dot)com" <andrew(dot)dunstan(at)2ndquadrant(dot)com>, "michael(at)paquier(dot)xyz" <michael(at)paquier(dot)xyz>, "thomas(dot)munro(at)gmail(dot)com" <thomas(dot)munro(at)gmail(dot)com>, "andres(at)anarazel(dot)de" <andres(at)anarazel(dot)de>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net> |
Subject: | Re: Support for NSS as a libpq TLS backend |
Date: | 2021-06-23 13:48:59 |
Message-ID: | 02AB4044-0823-4F77-B69B-18DB378C8743@yesql.se |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Attached is a rebased version which incorporates your recent patchset for
resource handling, as well as the connect_ok test patch.
I've implemented tracking the close_notify alert that you mentioned offlist,
but it turns out that the alert callbacks in NSS are of limited use so it
close_notify is currently the only checked description. The enum which labels
the descriptions in the SSLAlert struct is private, so it's just sending over
an anonymous number apart from close_notify which is zero.
A few other fixups are included as well, like adapting the pending data read
function in the frontend to how the OpenSSL implementation does it.
--
Daniel Gustafsson https://vmware.com/
Attachment | Content-Type | Size |
---|---|---|
v38-0010-nss-Build-infrastructure.patch | application/octet-stream | 21.4 KB |
v38-0009-nss-Support-NSS-in-cryptohash.patch | application/octet-stream | 6.1 KB |
v38-0008-nss-Support-NSS-in-sslinfo.patch | application/octet-stream | 3.6 KB |
v38-0007-nss-Support-NSS-in-pgcrypto.patch | application/octet-stream | 24.9 KB |
v38-0006-nss-Documentation.patch | application/octet-stream | 35.3 KB |
v38-0005-nss-pg_strong_random-support.patch | application/octet-stream | 2.0 KB |
v38-0004-test-check-for-empty-stderr-during-connect_ok.patch | application/octet-stream | 3.6 KB |
v38-0003-nss-Add-NSS-specific-tests.patch | application/octet-stream | 57.9 KB |
v38-0002-Refactor-SSL-testharness-for-multiple-library.patch | application/octet-stream | 11.5 KB |
v38-0001-nss-Support-libnss-as-TLS-library-in-libpq.patch | application/octet-stream | 102.0 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Álvaro Herrera | 2021-06-23 14:02:12 | Re: Race condition in InvalidateObsoleteReplicationSlots() |
Previous Message | Tom Lane | 2021-06-23 13:32:19 | Re: Reducing the cycle time for CLOBBER_CACHE_ALWAYS buildfarm members |