Josh Berkus wrote:
> Tom,
>
>> And even more curious to see you defend that offhanded bashing of
>> OpenSSL, a tool a whole lot of people (including me) depend on all day
>> every day. If Postgres had the market penetration of OpenSSL, our lives
>> would be a lot different. Have you got even a shred of evidence that
>> GSSAPI is more stable than OpenSSL?
>
> Short answer:
> Existing Kerberos libs with GSSAPI may have the same issues; I don't know.
> What I was speaking in favor of was having several encryption mechanisms
> available so that at least one of them would be available on the user's
> system at installation time. For that matter, I think we should support
> Gnu-TLS if someone offers us a patch.
IIRC we had a gnutls patch offered, but rejected.
> Also, last I checked OpenSSL didn't ship with Windows and Kerberos
> encryption did.
How long ago did you check? I've been using OpenSSL on windows for many
years. Actually, it was supported just fine on Windows back when it was
added to PostgreSQL *at least*.
//Magnus
