> On 9 May 2025, at 02:15, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Daniel Gustafsson <daniel@yesql.se> writes:
>> If we were to end up with a
>> LibreSSL libtls implementation in libpq we'd still have to test with LibreSSL
>> against the OpenSSL compat layer in libssl since it could act as both. Not a
>> bridge we have to cross today but might be worth at least keeping in mind when
>> designing something to not make it impossible in the future.
>
> Right. I think the attached would be amenable to that.

It will be a bit awkward to ask "are you libressl" if we ever add support for
something not OpenSSL based, but we could always revisit should that happen.

> Further down the road, it seems inevitable that we'll need to have a
> way of detecting the SSL library version --- for example, assuming
> the LibreSSL folk eventually fix their RSA-PSS code, we'll need a
> version-dependent test. That could be another new backend method,
> I guess.

Agreed.

--
Daniel Gustafsson