Re: Support for NSS as a libpq TLS backend

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Kevin Burke <kevin@burke.dev>
Cc: Jacob Champion <pchampion@vmware.com>, "pgsql-hackers@lists.postgresql.org" <pgsql-hackers@lists.postgresql.org>, "hlinnaka@iki.fi" <hlinnaka@iki.fi>, "andrew.dunstan@2ndquadrant.com" <andrew.dunstan@2ndquadrant.com>, "sfrost@snowman.net" <sfrost@snowman.net>, "rachelmheaton@gmail.com" <rachelmheaton@gmail.com>, "thomas.munro@gmail.com" <thomas.munro@gmail.com>, "michael@paquier.xyz" <michael@paquier.xyz>, "andres@anarazel.de" <andres@anarazel.de>
Date: 2021-10-29T11:54:29Z
Lists: pgsql-hackers

Attachments

> On 29 Oct 2021, at 06:31, Kevin Burke <kevin@burke.dev> wrote:

Thanks for testing the patch!

> I believe that these patches need to integrate the refactoring in commit
> b3b4d8e68ae83f432f43f035c7eb481ef93e1583 - git is searching for the wrong text
> in the existing file


Correct, b3b4d8e68 as well as b4c4a00ea both created conflicts with this
patchset.  Attached is an updated patchset fixing both of those as well as
adding version checks for NSS and NSPR to autoconf (with fallbacks for
non-{nss|nspr}-config systems).  The versions picked are semi-arbitrary and
definitely up for discussion.  I chose them mainly as they were the oldest
commonly available packages I found, and they satisfy the requirements we have.

> I'm not sure how to submit a patch against a patch.

If you've done the work of fixing the conflicts in a rebase, the best option is
IMO to supply a whole new version of the patchset since that will make the CF
patch tester be able to build and test the version.

--
Daniel Gustafsson		https://vmware.com/

Commits

  1. Add tab-completion for CREATE FOREIGN TABLE.

  2. Add tap tests for the schema publications.

  3. Move Perl test modules to a better namespace

  4. Adjust configure to insist on Perl version >= 5.8.3.

  5. Simplify code related to compilation of SSL and OpenSSL

  6. Introduce --with-ssl={openssl} as a configure option

  7. Implement support for bulk inserts in postgres_fdw

  8. Fix redundant error messages in client tools

  9. doc: Apply more consistently <productname> markup for OpenSSL

  10. Check ssl_in_use flag when reporting statistics