Re: Support for NSS as a libpq TLS backend

Jacob Champion <pchampion@vmware.com>

From: Jacob Champion <pchampion@vmware.com>
To: "daniel@yesql.se" <daniel@yesql.se>
Cc: "pgsql-hackers@lists.postgresql.org" <pgsql-hackers@lists.postgresql.org>, "hlinnaka@iki.fi" <hlinnaka@iki.fi>, "andrew.dunstan@2ndquadrant.com" <andrew.dunstan@2ndquadrant.com>, "sfrost@snowman.net" <sfrost@snowman.net>, "thomas.munro@gmail.com" <thomas.munro@gmail.com>, "michael@paquier.xyz" <michael@paquier.xyz>, "andres@anarazel.de" <andres@anarazel.de>
Date: 2021-12-16T19:56:25Z
Lists: pgsql-hackers
On Wed, 2021-12-15 at 23:10 +0100, Daniel Gustafsson wrote:
> > On 30 Nov 2021, at 20:03, Jacob Champion <pchampion@vmware.com> wrote:
> > 
> > On Mon, 2021-09-27 at 15:44 +0200, Daniel Gustafsson wrote:
> > > > Speaking of IP addresses in SANs, it doesn't look like our OpenSSL
> > > > backend can handle those. That's a separate conversation, but I might
> > > > take a look at a patch for next commitfest.
> > > 
> > > Please do.
> > 
> > Didn't get around to it for November, but I'm putting the finishing
> > touches on that now.
> 
> Cool, thanks!

Done and registered in Commitfest.

> Yeah, that's clearly bogus.  I followed the bouncing ball reading NSS code and
> from what I can tell the comment is correct.  I removed the dead code, only
> realizing after the fact that I might cause conflict with your tree doing so,
> in that case sorry.

No worries, there weren't any issues with the rebase.

> I've attached a v50 which fixes the issues found by Joshua upthread, as well as
> rebases on top of all the recent SSL and pgcrypto changes.

Thanks!

--Jacob

Commits

  1. Add tab-completion for CREATE FOREIGN TABLE.

  2. Add tap tests for the schema publications.

  3. Move Perl test modules to a better namespace

  4. Adjust configure to insist on Perl version >= 5.8.3.

  5. Simplify code related to compilation of SSL and OpenSSL

  6. Introduce --with-ssl={openssl} as a configure option

  7. Implement support for bulk inserts in postgres_fdw

  8. Fix redundant error messages in client tools

  9. doc: Apply more consistently <productname> markup for OpenSSL

  10. Check ssl_in_use flag when reporting statistics