Re: Failing SSL connection due to weird interaction with openssl - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Failing SSL connection due to weird interaction with openssl
Date
Msg-id 29043.1355183666@sss.pgh.pa.us
In response to Re: Failing SSL connection due to weird interaction with openssl  (Robert Haas <robertmhaas@gmail.com>)
List pgsql-hackers
Robert Haas <robertmhaas@gmail.com> writes:
> FWICS, this kind of problem is endemic in OpenSSL, which
> also doesn't seem to believe in comprehensive documentation or code
> comments.  It would be nice if we had an API to some other, less
> crappy encryption library; or maybe even some generic API that lets
> you easily wire it into any library you happen to wish to use.

Awhile back Red Hat was trying to get people to switch to NSS or GnuTLS,
which apparently are better designed.

> Not that I'm volunteering to write the patch... :-(

Me either ... and in fact the lack of interest among upstreams in
rewriting their TLS code is what made the aforesaid effort crash and
burn.  But FWIW, there are better alternatives out there.
        regards, tom lane


