| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Cc: | Postgres hackers <pgsql-hackers(at)postgresql(dot)org>, sfackler(at)gmail(dot)com, Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Subject: | Re: Supporting tls-server-end-point as SCRAM channel binding for OpenSSL 1.0.0 and 1.0.1 |
| Date: | 2018-05-30 02:48:20 |
| Message-ID: | 20180530024820.GA19009@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, May 29, 2018 at 10:33:03PM -0400, Heikki Linnakangas wrote:
> Hmm. I think Peter went through this in commits ac3ff8b1d8 and 054e8c6cdb.
> If you got that working now, I suppose we could do that, but I'm actually
> inclined to just stick to the current, more straightforward code, and
> require OpenSSL 1.0.2 for this feature. OpenSSL 1.0.2 has been around for
> several years now. It's not available on all the popular platforms and
> distributions yet, but I don't want to bend over backwards to support those.
I think that this mainly boils down to how much Postgres JDBC wants to
get support here as some vendors can maintain oldest versions of OpenSSL
for a long time. The extra code is not that much complicated by the
way, still it is true that HEAD is cleaner with its simplicity.
Steven, as the initial reporter, what's your take?
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Rowley | 2018-05-30 03:01:02 | Re: Performance regression with PostgreSQL 11 and partitioning |
| Previous Message | Heikki Linnakangas | 2018-05-30 02:33:03 | Re: Supporting tls-server-end-point as SCRAM channel binding for OpenSSL 1.0.0 and 1.0.1 |