| From: | Andreas Karlsson <andreas(at)proxel(dot)se> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [HACKERS] GnuTLS support |
| Date: | 2018-01-31 00:36:01 |
| Message-ID: | 0d738164-6aa8-10fa-66e7-cbbadaf0787c@proxel.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 01/26/2018 03:54 AM, Peter Eisentraut wrote:
> On 1/25/18 20:10, Michael Paquier wrote:
>> Peter, could you change ssl_version() and ssl_cipher() in sslinfo at the
>> same time please? I think that those should use the generic backend-side
>> APIs as well. sslinfo depends heavily on OpenSSL, OK, but if possible
>> getting this code more generic will help users of sslinfo to get
>> something partially working with other SSL implementations natively.
>
> sslinfo is currently entirely dependent on OpenSSL, so I don't think
> it's useful to throw in one or two isolated API changes.
>
> I'm thinking maybe we should get rid of sslinfo and fold everything into
> pg_stat_ssl.
I think sslinfo should either use the pg_tls_get_* functions or be
removed. I do not like having an OpenSSL specific extension. One issue
though is that pg_tls_get_* truncates strings to a given length while
sslinfo allocates a copy and is therefore only limited by the maximum
size of text, but this may not be an issue in practice.
Andreas
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2018-01-31 00:36:35 | Re: Regarding drop index |
| Previous Message | Tsunakawa, Takayuki | 2018-01-31 00:04:32 | RE: Temporary tables prevent autovacuum, leading to XID wraparound |