Quick Links

Re: Support for NSS as a libpq TLS backend

From:	Daniel Gustafsson <daniel(at)yesql(dot)se>
To:	Robert Haas <robertmhaas(at)gmail(dot)com>
Cc:	Andres Freund <andres(at)anarazel(dot)de>, Julien Rouhaud <rjuju123(at)gmail(dot)com>, Jacob Champion <pchampion(at)vmware(dot)com>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "andrew(dot)dunstan(at)2ndquadrant(dot)com" <andrew(dot)dunstan(at)2ndquadrant(dot)com>, "michael(at)paquier(dot)xyz" <michael(at)paquier(dot)xyz>, "thomas(dot)munro(at)gmail(dot)com" <thomas(dot)munro(at)gmail(dot)com>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net>
Subject:	Re: Support for NSS as a libpq TLS backend
Date:	2022-01-31 13:24:03
Message-ID:	27C73840-0403-4888-82EE-593C4EEDDD8E@yesql.se
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

> On 28 Jan 2022, at 15:30, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>
> On Fri, Jan 28, 2022 at 9:08 AM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
>>> Kinda makes me question the wisdom of starting to depend on NSS. When openssl
>>> docs are vastly outshining a library's, that library really should start to
>>> ask itself some hard questions.
>
> Yeah, OpenSSL is very poor, so being worse is not good.
>
>> Sadly, there is that. While this is not a new problem, Mozilla has been making
>> some very weird decisions around NSS governance as of late. Another data point
>> is the below thread from libcurl:
>>
>> https://curl.se/mail/lib-2022-01/0120.html
>
> I would really, really like to have an alternative to OpenSSL for PG.
> I don't know if this is the right thing, though. If other people are
> dropping support for it, that's a pretty bad sign IMHO. Later in the
> thread it says OpenLDAP have dropped support for it already as well.

I'm counting this and Andres' comment as a -1 on the patchset, and given where
we are in the cycle I'm mark it rejected in the CF app shortly unless anyone
objects.

--
Daniel Gustafsson https://vmware.com/

In response to

Re: Support for NSS as a libpq TLS backend at 2022-01-28 14:30:02 from Robert Haas

Responses

Re: Support for NSS as a libpq TLS backend at 2022-01-31 16:24:54 from Stephen Frost
Re: Support for NSS as a libpq TLS backend at 2022-01-31 21:32:11 from Andres Freund

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Robert Haas	2022-01-31 13:38:05	Re: refactoring basebackup.c
Previous Message	Amit Kapila	2022-01-31 13:02:11	Re: row filtering for logical replication