| From: | Jacob Champion <pchampion(at)vmware(dot)com> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Andres Freund <andres(at)anarazel(dot)de>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Michael Paquier <michael(at)paquier(dot)xyz>, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com> |
| Subject: | Re: Support for NSS as a libpq TLS backend |
| Date: | 2020-11-10 20:11:19 |
| Message-ID: | 1B0B31E4-AD37-475C-9374-7E24AA808479@vmware.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Nov 6, 2020, at 3:11 PM, Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
>
> The attached switches to SSL_ConfigServerSessionIDCacheWithOpt
> with which one can explicitly make the cache non-shared, which in turn backs
> the mutexes with NSPR locks rather than the missing sem_init. Can you test
> this version and see if that makes it work?
Yep, I get much farther through the tests with that patch. I'm currently
diving into another assertion failure during socket disconnection:
Assertion failure: fd->secret == NULL, at prlayer.c:45
cURL has some ominously vague references to this [1], though I'm not
sure that we should work around it in the same way without knowing what
the cause is...
--Jacob
[1] https://github.com/curl/curl/blob/4d2f800/lib/vtls/nss.c#L1266
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sergei Kornilov | 2020-11-10 20:52:08 | Re: Allow some recovery parameters to be changed with reload |
| Previous Message | Stephen Frost | 2020-11-10 20:09:04 | Re: proposal: possibility to read dumped table's name from file |