Re: Support for NSS as a libpq TLS backend

Andrew Dunstan <andrew.dunstan@2ndquadrant.com>

From: Andrew Dunstan <andrew.dunstan@2ndquadrant.com>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Postgres hackers <pgsql-hackers@lists.postgresql.org>, Stephen Frost <sfrost@snowman.net>, Thomas Munro <thomas.munro@gmail.com>
Date: 2020-09-03T19:26:03Z
Lists: pgsql-hackers
>
> >>>> OK, this version contains pre-generated nss files, and passes a full
> >>>> buildfarm run including the ssl test module, with both openssl and NSS.
> >>>> That should keep the cfbot happy :-)
>
> Turns out the CFBot doesn't like the binary diffs.  They are included in this
> version too but we should probably drop them again it seems.
>

I did ask Thomas about this, he was going to try to fix it. In
principle we should want it to accept binary diffs exactly for this
sort of thing.


> The attached v9 contains mostly a first stab at getting some documentation
> going, it's far from completed but I'd rather share more frequently to not have
> local trees deviate too much in case you've had time to hack as well.  I had a
> few documentation tweaks in the code too, but no real functionality change for
> now.
>
> The 0001 patch isn't strictly necessary but it seems reasonable to address the
> various ways OpenSSL was spelled out in the docs while at updating the SSL
> portions.  It essentially ensures that markup around OpenSSL and SSL is used
> consistently.  I didn't address the linelengths being too long in this patch to
> make review easier instead.
>


I'll take a look.

cheers

andrew



-- 
Andrew Dunstan                https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services



Commits

  1. Add tab-completion for CREATE FOREIGN TABLE.

  2. Add tap tests for the schema publications.

  3. Move Perl test modules to a better namespace

  4. Adjust configure to insist on Perl version >= 5.8.3.

  5. Simplify code related to compilation of SSL and OpenSSL

  6. Introduce --with-ssl={openssl} as a configure option

  7. Implement support for bulk inserts in postgres_fdw

  8. Fix redundant error messages in client tools

  9. doc: Apply more consistently <productname> markup for OpenSSL

  10. Check ssl_in_use flag when reporting statistics