Re: Support for NSS as a libpq TLS backend - Mailing list pgsql-hackers

From Daniel Gustafsson
Subject Re: Support for NSS as a libpq TLS backend
Date
Msg-id DA91E5F0-5F9D-41A7-A7A6-B91CDE0F1D63@yesql.se
In response to Re: Support for NSS as a libpq TLS backend  (Andrew Dunstan <andrew.dunstan@2ndquadrant.com>)
Responses Re: Support for NSS as a libpq TLS backend  (Andrew Dunstan <andrew.dunstan@2ndquadrant.com>)
List pgsql-hackers
> On 5 Aug 2020, at 22:38, Andrew Dunstan <andrew.dunstan@2ndquadrant.com> wrote:
>
> On 8/4/20 5:42 PM, Daniel Gustafsson wrote:
>>> On 3 Aug 2020, at 21:18, Andrew Dunstan <andrew.dunstan@2ndquadrant.com> wrote:
>>> On 8/3/20 12:46 PM, Andrew Dunstan wrote:
>>>> On 7/31/20 4:44 PM, Andrew Dunstan wrote:
>>>>> OK, here is an update of your patch that compiles and runs against NSS
>>>>> under Windows (VS2019).
>> Out of curiosity since I'm not familiar with Windows, how hard/easy is it to
>> install NSS for the purpose of a) hacking on postgres+NSS and b) using postgres
>> with NSS as the backend?
>
> I've laid out the process at
> https://www.2ndquadrant.com/en/blog/nss-on-windows-for-postgresql-development/

That's fantastic, thanks for putting that together.

>>>> OK, this version contains pre-generated nss files, and passes a full
>>>> buildfarm run including the ssl test module, with both openssl and NSS.
>>>> That should keep the cfbot happy :-)

Turns out the CFBot doesn't like the binary diffs.  They are included in this
version too but we should probably drop them again it seems.

>> Exciting, thanks a lot for helping out on this!  I've started to look at the
>> required documentation changes during vacation, will hopefully be able to post
>> something soon.
>
> Good. Having got the tests running cleanly on Linux, I'm now going back
> to work on that for Windows.
>
> After that I'll look at the hook/callback stuff.

The attached v9 contains mostly a first stab at getting some documentation
going, it's far from completed but I'd rather share more frequently to not have
local trees deviate too much in case you've had time to hack as well.  I had a
few documentation tweaks in the code too, but no real functionality change for
now.

The 0001 patch isn't strictly necessary but it seems reasonable to address the
various ways OpenSSL was spelled out in the docs while updating the SSL
portions.  It essentially ensures that markup around OpenSSL and SSL is used
consistently.  I didn't address the line lengths being too long in this patch to
make review easier instead.

cheers ./daniel

