| From: | Jacob Champion <pchampion(at)vmware(dot)com> |
|---|---|
| To: | "daniel(at)yesql(dot)se" <daniel(at)yesql(dot)se>, "andres(at)anarazel(dot)de" <andres(at)anarazel(dot)de> |
| Cc: | "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "andrew(dot)dunstan(at)2ndquadrant(dot)com" <andrew(dot)dunstan(at)2ndquadrant(dot)com>, "rjuju123(at)gmail(dot)com" <rjuju123(at)gmail(dot)com>, "thomas(dot)munro(at)gmail(dot)com" <thomas(dot)munro(at)gmail(dot)com>, "michael(at)paquier(dot)xyz" <michael(at)paquier(dot)xyz>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net> |
| Subject: | Re: Support for NSS as a libpq TLS backend |
| Date: | 2022-01-27 00:51:59 |
| Message-ID: | 80791713766697b7d121baf418940365b2b06b1b.camel@vmware.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, 2022-01-26 at 15:59 -0800, Andres Freund wrote:
> > > Do we have a testcase for embedded NULLs in common names?
> >
> > We don't, neither for OpenSSL or NSS. AFAICR Jacob spent days trying to get a
> > certificate generation to include an embedded NULL byte but in the end gave up.
> > We would have to write our own tools for generating certificates to add that
> > (which may or may not be a bad idea, but it hasn't been done).
>
> Hah, that's interesting.
Yeah, OpenSSL just refused to do it, with any method I could find at
least. My personal test suite is using pyca/cryptography and psycopg2
to cover that case.
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2022-01-27 00:56:04 | Re: make MaxBackends available in _PG_init |
| Previous Message | Andres Freund | 2022-01-26 23:59:39 | Re: Support for NSS as a libpq TLS backend |