Daniel Gustafsson <daniel@yesql.se> writes:
> On 7 May 2025, at 23:54, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> +# Determine whether this build uses OpenSSL or LibreSSL. As a heuristic, the
>> +# HAVE_SSL_CTX_SET_CERT_CB macro isn't defined for LibreSSL.
>> +my $libressl = not check_pg_config("#define HAVE_SSL_CTX_SET_CERT_CB 1");
> Longer term it would be nice to move this into SSL::Server and have the module
> export a function or symbol which returns the underlying library and version,
> but that's not for this patch.
I was feeling itchy about having two copies of code that looks none
too set-in-stone. Maybe we should just do that. Any preferences
on the API?
>> +# As of 5/2025, LibreSSL doesn't actually work for RSA-PSS certificates.
> Should we add a link to the relevant thread for future readers? OpenBSD refer
> to MARC for archiving which I believe is stable enough for an inclusion.
WFM, I'll make it so.
regards, tom lane
