Re: Support for NSS as a libpq TLS backend - Mailing list pgsql-hackers

From Daniel Gustafsson
Subject Re: Support for NSS as a libpq TLS backend
Date
Msg-id A89F3823-40BD-4469-AFA8-819C20C0B24D@yesql.se
In response to Re: Support for NSS as a libpq TLS backend  (Jacob Champion <pchampion@vmware.com>)
Responses Re: Support for NSS as a libpq TLS backend  (Daniel Gustafsson <daniel@yesql.se>)
Re: Support for NSS as a libpq TLS backend  (Jacob Champion <pchampion@vmware.com>)
List pgsql-hackers
> On 19 Jul 2021, at 21:33, Jacob Champion <pchampion@vmware.com> wrote:

> ..client connections will crash if
> hostaddr is provided rather than host, because SSL_SetURL can't handle
> a NULL argument. I'm running with 0002 to fix it for the moment, but
> I'm not sure yet if it does the right thing for IP addresses, which the
> OpenSSL side has a special case for.

AFAICT the idea is to handle it in the cert auth callback, so I've added some
PoC code to check for sslsni there and updated the TODO comment to reflect
that.

I've applied your patches in the attached rebase which passes all tests for me.

--
Daniel Gustafsson        https://vmware.com/

