| From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Support for Secure Transport SSL library on macOS as OpenSSL alternative |
| Date: | 2017-08-03 17:27:56 |
| Message-ID: | CAB7nPqR4J7wnMC+Ca1zdXMRqsgBFUX4uS4cTKwJGBbicSnQ7uQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Aug 3, 2017 at 12:02 PM, Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
> In https://postgr.es/m/69DB7657-3F9D-4D30-8A4B-E06034251F61@yesql.se I
> presented a WIP patch for adding support for the Apple Secure Transport SSL
> library on macOS as, an alternative to OpenSSL. That patch got put on the
> backburner for a bit, but I’ve now found the time to make enough progress to
> warrant a new submission for discussions on this (and hopefully help hacking).
>
> It is a drop-in replacement for the OpenSSL code, and supports all the same
> features and options, except for two things: compression is not supported and
> the CRL cannot be loaded from a plain PEM file. A Keychain must be used for
> that instead.
Is there a set of APIs to be able to get server certificate for the
frontend and the backend, and generate a hash of it? That matters for
channel binding support of SCRAM for tls-server-end-point. There were
no APIs to get the TLS finish message last time I looked at OSX stuff,
which mattered for tls-unique. It would be nice if we could get one.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2017-08-03 17:45:02 | Re: Add Roman numeral conversion to to_number |
| Previous Message | Michael Paquier | 2017-08-03 17:23:19 | Re: Cache lookup errors with functions manipulation object addresses |