> On 8 May 2025, at 15:49, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> Daniel Gustafsson <daniel@yesql.se> writes:
>> On 7 May 2025, at 23:54, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>> +# Determine whether this build uses OpenSSL or LibreSSL. As a heuristic, the
>>> +# HAVE_SSL_CTX_SET_CERT_CB macro isn't defined for LibreSSL.
>>> +my $libressl = not check_pg_config("#define HAVE_SSL_CTX_SET_CERT_CB 1");
>
>> Longer term it would be nice to move this into SSL::Server and have the module
>> export a function or symbol which returns the underlying library and version,
>> but that's not for this patch.
>
> I was feeling itchy about having two copies of code that looks none
> too set-in-stone. Maybe we should just do that. Any preferences
> on the API?
There is already SSL::Server::ssl_library() which returns the underlying
library, but it's not smart enough to differentiate between which flavour of
OpenSSL compatible library is being used (OpenSSL, Libressl, BoringSSL etc) as
it's only returning a hardcoded string as of now. My plan was to expand that
at some point.
--
Daniel Gustafsson
