Quick Links

Re: Support for NSS as a libpq TLS backend

From:	Daniel Gustafsson <daniel(at)yesql(dot)se>
To:	Robert Haas <robertmhaas(at)gmail(dot)com>
Cc:	Andres Freund <andres(at)anarazel(dot)de>, Julien Rouhaud <rjuju123(at)gmail(dot)com>, Jacob Champion <pchampion(at)vmware(dot)com>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "andrew(dot)dunstan(at)2ndquadrant(dot)com" <andrew(dot)dunstan(at)2ndquadrant(dot)com>, "michael(at)paquier(dot)xyz" <michael(at)paquier(dot)xyz>, "thomas(dot)munro(at)gmail(dot)com" <thomas(dot)munro(at)gmail(dot)com>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net>
Subject:	Re: Support for NSS as a libpq TLS backend
Date:	2022-01-28 15:10:28
Message-ID:	5CFBB234-E347-4257-BDA9-D64B929B5B69@yesql.se
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

> On 28 Jan 2022, at 15:30, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>
> On Fri, Jan 28, 2022 at 9:08 AM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
>>> Kinda makes me question the wisdom of starting to depend on NSS. When openssl
>>> docs are vastly outshining a library's, that library really should start to
>>> ask itself some hard questions.
>
> Yeah, OpenSSL is very poor, so being worse is not good.

Some background on this for anyone interested: Mozilla removed the
documentation from the MDN website and the attempt at resurrecting it in the
tree (where it should've been all along </rant>) isn't making much progress.
Some more can be found in this post on the NSS mailinglist:

https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/p0MO7030K4A/m/Mx5St_2sAwAJ

--
Daniel Gustafsson https://vmware.com/

In response to

Re: Support for NSS as a libpq TLS backend at 2022-01-28 14:30:02 from Robert Haas

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Dagfinn Ilmari Mannsåker	2022-01-28 15:28:20	Re: Server-side base backup: why superuser, not pg_write_server_files?
Previous Message	Bharath Rupireddy	2022-01-28 14:51:52	Re: Is there a way (except from server logs) to know the kind of on-going/last checkpoint?