From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | pgsql-hackers(at)postgresql(dot)org, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Seth Robertson <in-pgsql-hackers(at)baka(dot)org> |
Subject: | Re: [PATCH] Automatic client certificate selection support for libpq v1 |
Date: | 2009-05-11 08:02:17 |
Message-ID: | 4A07DB89.2080508@hagander.net |
Lists: | pgsql-hackers |

Peter Eisentraut wrote:
> On Friday 08 May 2009 22:03:56 Tom Lane wrote:
>> I hesitate though to suggest that we think about porting
>> ourselves to NSS --- I'm not sure that there would be benefits to us
>> within the context of Postgres alone.
>
> That could be attractive if we ripped out the OpenSSL code at the same time,
> as the NSS API is purportedly more abstract and presumably would reduce the
> amount and the complexity of the code.

Is NSS available on all the platforms that we are (and that have OpenSSL
today)?

Another thought: if we were to make ourselves support multiple SSL
libraries (that has been suggested before - at that point, people wanted
GnuTLS), we could also add support for Windows SChannel, which I'm sure
some win32 people would certainly prefer - much easier to do SSL
deployments within an existing MS infrastructure...

But no, that certainly wouldn't *reduce* the amount of code...

//Magnus