| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Andres Freund <andres(at)anarazel(dot)de>, Julien Rouhaud <rjuju123(at)gmail(dot)com>, Jacob Champion <pchampion(at)vmware(dot)com>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "andrew(dot)dunstan(at)2ndquadrant(dot)com" <andrew(dot)dunstan(at)2ndquadrant(dot)com>, "michael(at)paquier(dot)xyz" <michael(at)paquier(dot)xyz>, "thomas(dot)munro(at)gmail(dot)com" <thomas(dot)munro(at)gmail(dot)com> |
| Subject: | Re: Support for NSS as a libpq TLS backend |
| Date: | 2022-01-31 21:48:30 |
| Message-ID: | C8A82B5C-A22E-4243-84D7-631CCD7A86EF@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 31 Jan 2022, at 17:24, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> * Daniel Gustafsson (daniel(at)yesql(dot)se) wrote:
>> I'm counting this and Andres' comment as a -1 on the patchset, and given where
>> we are in the cycle I'm mark it rejected in the CF app shortly unless anyone
>> objects.
>
> I agree that it's concerning to hear that OpenLDAP dropped support for
> NSS... though I don't seem to be able to find any information as to why
> they decided to do so.
I was also unable to do that. There is no information that I could see in
either the commit message, Bugzilla entry (#9207) or on the mailinglist.
Searching the web didn't yield anything either. I've reached out to hopefully
get a bit more information.
> I'm also very much a fan of having an alternative to OpenSSL and the
> NSS/NSPR license fits well for us, unlike the alternatives to OpenSSL
> used by other projects, such as GnuTLS (which is the alternative to
> OpenSSL that OpenLDAP now has) or other libraries like wolfSSL.
Short of platform specific (proprietary) libraries like Schannel and Secure
Transport, the alternatives are indeed slim.
> Beyond the documentation issue, which I agree is a concern but also
> seems to be actively realized as an issue by the NSS/NSPR folks,
It is, but it has also been an issue for years to be honest, getting the docs
up to scratch will require a very large effort.
> is there some other reason that the curl folks are thinking of dropping support
> for it?
It's also not really used anymore in conjunction with curl, with Red Hat no
longer shipping builds against it.
--
Daniel Gustafsson https://vmware.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniel Gustafsson | 2022-01-31 21:51:19 | Re: Support for NSS as a libpq TLS backend |
| Previous Message | Greg Stark | 2022-01-31 21:40:09 | Re: pg_walinspect - a new extension to get raw WAL data and WAL stats |