Re: Support for NSS as a libpq TLS backend

From: Jacob Champion <pchampion(at)vmware(dot)com>
To: "daniel(at)yesql(dot)se" <daniel(at)yesql(dot)se>
Cc: "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "andrew(dot)dunstan(at)2ndquadrant(dot)com" <andrew(dot)dunstan(at)2ndquadrant(dot)com>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net>, "thomas(dot)munro(at)gmail(dot)com" <thomas(dot)munro(at)gmail(dot)com>, "michael(at)paquier(dot)xyz" <michael(at)paquier(dot)xyz>, "andres(at)anarazel(dot)de" <andres(at)anarazel(dot)de>
Subject: Re: Support for NSS as a libpq TLS backend
Date: 2021-12-16 19:56:25
Message-ID: 437d8ea151fb367194659370c2062f31a187c3f6.camel@vmware.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Wed, 2021-12-15 at 23:10 +0100, Daniel Gustafsson wrote:
> > On 30 Nov 2021, at 20:03, Jacob Champion <pchampion(at)vmware(dot)com> wrote:
> >
> > On Mon, 2021-09-27 at 15:44 +0200, Daniel Gustafsson wrote:
> > > > Speaking of IP addresses in SANs, it doesn't look like our OpenSSL
> > > > backend can handle those. That's a separate conversation, but I might
> > > > take a look at a patch for next commitfest.
> > >
> > > Please do.
> >
> > Didn't get around to it for November, but I'm putting the finishing
> > touches on that now.
>
> Cool, thanks!

Done and registered in Commitfest.

> Yeah, that's clearly bogus. I followed the bouncing ball reading NSS code and
> from what I can tell the comment is correct. I removed the dead code, only
> realizing after the fact that I might cause conflict with your tree doing so,
> in that case sorry.

No worries, there weren't any issues with the rebase.

> I've attached a v50 which fixes the issues found by Joshua upthread, as well as
> rebases on top of all the recent SSL and pgcrypto changes.

Thanks!

--Jacob

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Alvaro Herrera 2021-12-16 20:10:58 Re: Column Filtering in Logical Replication
Previous Message Jacob Champion 2021-12-16 19:14:58 Re: [PATCH] Accept IP addresses in server certificate SANs