From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
---|---|
To: | PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [HACKERS] Support for Secure Transport SSL library on macOS as OpenSSL alternative |
Date: | 2018-01-21 23:08:03 |
Message-ID: | 0B15C584-EC0A-4D1B-A19E-4CEDB2128585@yesql.se |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Here’s an attempt at reviving an old patch that I’ve neglected for too long.
The attached patchset rebases Secure Transport support over HEAD and adds stub
functions for that the SCRAM support added to make everything compile and run
the SSL testsuite. There are no new features or bugfixes over the previously
posted patches.
Wrt SCRAM, I’m probably thick but I can’t really see what I need to do to
handle SCRAM, so I wouldn’t mind some cluesticks on that. The Secure Transport
API doesn’t allow for getting the TLS Finished message (at least I haven’t been
able to find a way), so channel binding can’t be supported afaict.
The testcode has been updated to handle Secure Transport, but it’s not
in a clean form, rather a quick hack to get something running while the project
settles on how to handle multiple SSL implementations.
I have for now excluded the previous doc changes awating the discussion on the
patch in 1f34fa82-52a0-1682-87ba-4c3c3d0afcc0(at)2ndquadrant(dot)com, once that
settles I’ll revive and write the documentation. The same goes for GUCs etc
which are discussed in other threads.
As per before, my patch for running tests against another set of binaries is
included as well as a fix for connstrings with spaces, but with the recent
hacking by Peter I assume this is superfluous. It was handy for development so
I’ve kept it around though.
cheers ./daniel
Attachment | Content-Type | Size |
---|---|---|
0001-WIP-Add-support-for-Apple-Secure-Transport-SSL-li-v3.patch | application/octet-stream | 119.7 KB |
0002-Allow-running-SSL-tests-against-different-binar-v3.patch | application/octet-stream | 8.4 KB |
0003-Allow-spaces-in-connectionstrings-v3.patch | application/octet-stream | 1.1 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2018-01-21 23:31:21 | Re: Bogus tags for comments, ACLs, and security labels in pg_dump |
Previous Message | Craig Ringer | 2018-01-21 22:45:07 | Re: BUGFIX: standby disconnect can corrupt serialized reorder buffers |