* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> Bruce Momjian <bruce@momjian.us> writes:
> > Keep in mind it took years to get OpenSSL support up to the level we
> > have it now. It took SSL experts coming in and out of our development
> > process to get it 100% feature-complete.
>
> Actually, it's *not* feature-complete even yet.
>
> What basically bothers me about this is that trying to support both the
> OpenSSL and GNUTLS APIs is going to be an enormous investment of
> development and maintenance effort, because it's such a nontrivial thing
> to use properly. It sticks in my craw to be doing that work for no
> technical reason, only a license-lawyering reason; and not even a
> license issue that everyone is convinced is real.
The development has been done (and wasn't terribly enormous aiui) and I
have a hard time believeing it's a huge maintenance cost. If features
are added wrt SSL they wouldn't have to be added to both, either,
although in general I doubt it'd be all that difficult to support both
from the get-go but there's no obligataion and someone else who cares
about one or the other could implement it there.
Thanks,
Stephen