Re: Support for NSS as a libpq TLS backend

Stephen Frost <sfrost@snowman.net>

From: Stephen Frost <sfrost@snowman.net>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Bruce Momjian <bruce@momjian.us>, Robert Haas <robertmhaas@gmail.com>, Peter Eisentraut <peter.eisentraut@enterprisedb.com>, Andres Freund <andres@anarazel.de>, Julien Rouhaud <rjuju123@gmail.com>, Jacob Champion <pchampion@vmware.com>, "pgsql-hackers@lists.postgresql.org" <pgsql-hackers@lists.postgresql.org>, "hlinnaka@iki.fi" <hlinnaka@iki.fi>, "andrew.dunstan@2ndquadrant.com" <andrew.dunstan@2ndquadrant.com>, "michael@paquier.xyz" <michael@paquier.xyz>, "thomas.munro@gmail.com" <thomas.munro@gmail.com>
Date: 2022-02-04T20:03:50Z
Lists: pgsql-hackers
Greetings,

* Daniel Gustafsson (daniel@yesql.se) wrote:
> I am writing done above in quotes, since the documentation also needs to be
> updated, completed, rewritten, organized etc etc.  The above is an import of
> what was found, and is in a fairly poor state.  Unfortunately, it's still not
> in the tree where I personally believe documentation stands the best chance of
> being kept up to date.  The NSPR documentation is probably the best of the two,
> but it's also much less of a moving target.

I wonder about the 'not in tree' bit since it is in the header files,
certainly for NSPR which I've been poking at due to this discussion.  I
had hoped that they were generating the documentation on the webpage
from what's in the header files, is that not the case then?  Which is
more accurate?  If it's a simple matter of spending time going through
what's in the tree and making sure what's online matches that, I suspect
we could find some folks with time to work on helping them there.

If the in-tree stuff isn't accurate then that's a bigger problem, of
course.

> It is true that the documentation is poor and currently in bad shape with lots
> of broken links and heavily disorganized etc.  It's also true that I managed to
> implement full libpq support without any crystal ball or help from the NSS
> folks.  The latter doesn't mean we can brush documentation concerns aside, but
> let's be fair in our criticism.

Agreed.

Thanks,

Stephen

Commits

  1. Add tab-completion for CREATE FOREIGN TABLE.

  2. Add tap tests for the schema publications.

  3. Move Perl test modules to a better namespace

  4. Adjust configure to insist on Perl version >= 5.8.3.

  5. Simplify code related to compilation of SSL and OpenSSL

  6. Introduce --with-ssl={openssl} as a configure option

  7. Implement support for bulk inserts in postgres_fdw

  8. Fix redundant error messages in client tools

  9. doc: Apply more consistently <productname> markup for OpenSSL

  10. Check ssl_in_use flag when reporting statistics