Re: [HACKERS] Support for Secure Transport SSL library on macOS as OpenSSL alternative

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [HACKERS] Support for Secure Transport SSL library on macOS as OpenSSL alternative
Date: 2018-01-21 23:08:03
Message-ID: 0B15C584-EC0A-4D1B-A19E-4CEDB2128585@yesql.se
Lists: pgsql-hackers

Here’s an attempt at reviving an old patch that I’ve neglected for too long.

The attached patchset rebases Secure Transport support over HEAD and adds stub
functions for what the SCRAM support added to make everything compile and run
the SSL testsuite. There are no new features or bugfixes over the previously
posted patches.

Wrt SCRAM, I’m probably thick but I can’t really see what I need to do to
handle SCRAM, so I wouldn’t mind some cluesticks on that. The Secure Transport
API doesn’t allow for getting the TLS Finished message (at least I haven’t been
able to find a way), so channel binding can’t be supported afaict.

The testcode has been updated to handle Secure Transport, but it’s not
in a clean form, rather a quick hack to get something running while the project
settles on how to handle multiple SSL implementations.

I have for now excluded the previous doc changes awaiting the discussion on the
patch in 1f34fa82-52a0-1682-87ba-4c3c3d0afcc0(at)2ndquadrant(dot)com; once that
settles I’ll revive and write the documentation. The same goes for GUCs etc
which are discussed in other threads.

As per before, my patch for running tests against another set of binaries is
included as well as a fix for connstrings with spaces, but with the recent
hacking by Peter I assume this is superfluous. It was handy for development so
I’ve kept it around though.

cheers ./daniel

Attachment Content-Type Size
0001-WIP-Add-support-for-Apple-Secure-Transport-SSL-li-v3.patch application/octet-stream 119.7 KB
0002-Allow-running-SSL-tests-against-different-binar-v3.patch application/octet-stream 8.4 KB
0003-Allow-spaces-in-connectionstrings-v3.patch application/octet-stream 1.1 KB
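
Added example, not part of the original message or the attached patches: a sketch of how the SCRAM `c=` attribute is built per RFC 5802, showing why a TLS backend that cannot return the Finished message (the `tls-unique` binding data of RFC 5929) leaves the client with only the unbound `n` or `y` forms. The function names and the 12-byte Finished value are constructed for illustration.

```python
import base64


def gs2_header(cb_flag, cb_name=None):
    """Build the GS2 header from RFC 5802: cbind-flag "," [authzid] ",".

    cb_flag is "p" (client uses channel binding), "n" (client does not
    support it) or "y" (client supports it but thinks the server does not).
    No authzid is sent in this sketch.
    """
    if cb_flag == "p":
        if not cb_name:
            raise ValueError("flag 'p' needs a channel binding type name")
        flag = "p=" + cb_name
    elif cb_flag in ("n", "y"):
        flag = cb_flag
    else:
        raise ValueError("unknown gs2-cbind-flag: %r" % cb_flag)
    return (flag + ",,").encode("ascii")


def channel_binding_attr(cb_flag, cb_name=None, cbind_data=None):
    """Return the c= attribute of the SCRAM client-final-message.

    cbind-input is the GS2 header, followed by the raw channel binding
    data only when the flag is "p". The server recomputes this value from
    its own view of the TLS connection and rejects a mismatch.
    """
    header = gs2_header(cb_flag, cb_name)
    if cb_flag == "p":
        if cbind_data is None:
            raise ValueError("TLS library exposed no channel binding data")
        header += cbind_data
    return "c=" + base64.b64encode(header).decode("ascii")


def client_binding(finished_msg):
    """Choose what a client can send given what its TLS backend exposes.

    finished_msg is the first TLS Finished message of the handshake, or
    None when the library offers no way to read it.
    """
    if finished_msg is None:
        return channel_binding_attr("n")
    return channel_binding_attr("p", "tls-unique", finished_msg)


if __name__ == "__main__":
    constructed_finished = bytes(range(12))  # constructed sample, not real
    print(client_binding(None))
    print(client_binding(constructed_finished))
```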
