Re: Support for NSS as a libpq TLS backend

Julien Rouhaud <rjuju123@gmail.com>

From: Julien Rouhaud <rjuju123@gmail.com>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Jacob Champion <pchampion@vmware.com>, "pgsql-hackers@lists.postgresql.org" <pgsql-hackers@lists.postgresql.org>, "hlinnaka@iki.fi" <hlinnaka@iki.fi>, "andrew.dunstan@2ndquadrant.com" <andrew.dunstan@2ndquadrant.com>, "michael@paquier.xyz" <michael@paquier.xyz>, "thomas.munro@gmail.com" <thomas.munro@gmail.com>, "andres@anarazel.de" <andres@anarazel.de>, "sfrost@snowman.net" <sfrost@snowman.net>
Date: 2022-01-18T06:36:32Z
Lists: pgsql-hackers
Hi,

On Mon, Jan 17, 2022 at 03:09:11PM +0100, Daniel Gustafsson wrote:
> 
> I must've fat-fingered the "git add -p" for v50 as the fix was in configure.ac
> but not configure.  Fixed now.

Thanks!  Apparently this version now fails on all OS, e.g.:

https://cirrus-ci.com/task/4643868095283200
[22:17:39.965] #   Failed test 'certificate authorization succeeds with correct client cert in PEM format'
[22:17:39.965] #   at t/001_ssltests.pl line 456.
[22:17:39.965] #          got: '2'
[22:17:39.965] #     expected: '0'
[22:17:39.965]
[22:17:39.965] #   Failed test 'certificate authorization succeeds with correct client cert in PEM format: no stderr'
[22:17:39.965] #   at t/001_ssltests.pl line 456.
[22:17:39.965] #          got: 'psql: error: connection to server at "127.0.0.1", port 50023 failed: certificate present, but not private key file "/home/postgres/.postgresql/postgresql.key"'
[22:17:39.965] #     expected: ''
[22:17:39.965]
[22:17:39.965] #   Failed test 'certificate authorization succeeds with correct client cert in DER format'
[22:17:39.965] #   at t/001_ssltests.pl line 475.
[22:17:39.965] #          got: '2'
[22:17:39.965] #     expected: '0'
[...]



Commits

  1. Add tab-completion for CREATE FOREIGN TABLE.

  2. Add tap tests for the schema publications.

  3. Move Perl test modules to a better namespace

  4. Adjust configure to insist on Perl version >= 5.8.3.

  5. Simplify code related to compilation of SSL and OpenSSL

  6. Introduce --with-ssl={openssl} as a configure option

  7. Implement support for bulk inserts in postgres_fdw

  8. Fix redundant error messages in client tools

  9. doc: Apply more consistently <productname> markup for OpenSSL

  10. Check ssl_in_use flag when reporting statistics