Re: [HACKERS] GnuTLS support - Mailing list pgsql-hackers

From Andreas Karlsson
Subject Re: [HACKERS] GnuTLS support
Date
Msg-id 5951fcd2-393d-f90c-4780-2f6e4c94693e@proxel.se
In response to Re: [HACKERS] GnuTLS support  (Michael Paquier <michael.paquier@gmail.com>)
Responses Re: [HACKERS] GnuTLS support
Re: [HACKERS] GnuTLS support
List pgsql-hackers
On 11/20/2017 02:56 AM, Michael Paquier wrote:
> On Mon, Nov 20, 2017 at 9:42 AM, Tomas Vondra
> <tomas.vondra@2ndquadrant.com> wrote:
>> If I get it right we ignore gnutls and use openssl (as it's the first
>> checked in #ifdefs). Shouldn't we enforce in configure that only one TLS
>> implementation is enabled? Either by some elaborate check, or by
>> switching to something like
>>
>>   --with-ssl=(openssl|gnutls)
> 
> With potential patches coming to use macos' SSL implementation or
> Windows channel, there should really be only one implementation
> available at compile time. That's more simple as a first step as well.
> So +1 for the --with-ssl switch.

I have now implemented this in the attached patch (plus added support 
for channel binding and rebased it) but I ran into one issue which I 
have not yet solved. The script for the Windows version takes the 
--with-openssl=<path> switch so that cannot just be translated to a 
single --with-ssl switch. Should we have both --with-openssl and 
--with-gnutls or --with-ssl=(openssl|gnutls) and --with-ssl-path=<path>? 
I also do not know the Windows build code very well (or really at all).

Andreas
