Re: [HACKERS] GnuTLS support - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: [HACKERS] GnuTLS support
Date
Msg-id 09fd5b6e-cb48-85ed-d1fd-7d50d47ed3db@2ndquadrant.com
In response to Re: [HACKERS] GnuTLS support  (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>)
Responses Re: [HACKERS] GnuTLS support  (Heikki Linnakangas <hlinnaka@iki.fi>)
Re: [HACKERS] GnuTLS support  (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>)
Re: [HACKERS] GnuTLS support  (Michael Paquier <michael@paquier.xyz>)
List pgsql-hackers

In the thread about Secure Transport we agreed to move the consideration
of new SSL libraries to PG12.

Here is my current patch, after all the refactorings.

The status is that it works fine and could be used.

There are two failures in the SSL tests that I cannot explain.  The
tests are for some rather obscure configurations, so the changed
behaviors are not obviously wrong, perhaps legitimate implementation
differences.  But someone wrote those tests with a purpose (probably),
so we should have some kind of explanation for the regressions.

Other non-critical, nice-to-have issues:

- Do something about sslinfo, perhaps fold into pg_stat_ssl view.
- Do something about pgcrypto.
- Add tests for load_dh_file().
- Implement channel binding tls-server-end-point.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

Attachment
