Robert Haas <robertmhaas@gmail.com> writes:
> On Thu, Aug 31, 2017 at 1:52 PM, Andreas Karlsson <andreas@proxel.se> wrote:
>> I have seen discussions from time to time about OpenSSL and its licensing
>> issues so I decided to see how much work it would be to add support for
>> another TLS library, and I went with GnuTLS since it is the library I know
>> best after OpenSSL and it is also a reasonably popular library.
> Thanks for working on this. I think it's good for PostgreSQL to have
> more options in this area.
+1. We also have a patch in the queue to support macOS' TLS library,
and I suppose that's going to be facing similar issues. It would be
a good plan, probably, to try to push both of these to conclusion in
the same development cycle.
> I think that what this shows is that the current set of GUCs is overly
> OpenSSL-centric. We created a set of GUCs that are actually specific
> to one particular implementation but named them as if they were
> generic. My idea about this would be to actually rename the existing
> GUCs to start with "openssl" rather than "ssl", and then add new GUCs
> as needed for other SSL implementations.
Works for me.
>> There are currently two failing SSL tests which at least to me seems more
>> like they test specific OpenSSL behaviors rather than something which need
>> to be true for all SSL libraries.
> I don't know what we should do about these issues.
Maybe the SSL test suite needs to be implementation-specific as well.
regards, tom lane
