Postgres Pro
Downloads
Home   >   mailing lists

Re: [PATCH] Automatic client certificate selection support for libpq v1 - Mailing list pgsql-hackers

From Magnus Hagander
Subject Re: [PATCH] Automatic client certificate selection support for libpq v1
Date
Msg-id 4A07DB89.2080508@hagander.net
Whole thread Raw
In response to Re: [PATCH] Automatic client certificate selection support for libpq v1  (Peter Eisentraut <peter_e@gmx.net>)
Responses Re: [PATCH] Automatic client certificate selection support for libpq v1  (Alvaro Herrera <alvherre@commandprompt.com>)
Re: [PATCH] Automatic client certificate selection support for libpq v1  (Seth Robertson <in-pgsql-hackers@baka.org>)
Re: [PATCH] Automatic client certificate selection support for libpq v1  (Peter Eisentraut <peter_e@gmx.net>)
List pgsql-hackers
Tree view 
Peter Eisentraut wrote:
> On Friday 08 May 2009 22:03:56 Tom Lane wrote:
>>  I hesitate though to suggest that we think about porting
>> ourselves to NSS --- I'm not sure that there would be benefits to us
>> within the context of Postgres alone.
> 
> That could be attractive if we ripped out the OpenSSL code at the same time, 
> as the NSS API is purportedly more abstract and presumably would reduce the 
> amount and the complexity of the code.

Is NSS available on all the platforms that we are (and that has OpenSSL
today)?

Another thought: if we were to make ourselves support multiple SSL
libraries (that has been suggested before - at that point, people wanted
GnuTLS), we could also add support for Windows SChannel, which I'm sure
some win32 people would certainly prefer - much easier to do SSL
deployments within an existing MS infrastructure...

But no, that certainly wouldn't *reduce* the amount of code...

//Magnus

pgsql-hackers by date:

Previous
From: Peter Eisentraut
Date:
Subject: Re: [PATCH] Automatic client certificate selection support for libpq v1
Next
From: Magnus Hagander
Date:
Subject: Re: SSL cert chains patch