Re: Support for NSS as a libpq TLS backend

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Jacob Champion <pchampion@vmware.com>
Cc: "michael@paquier.xyz" <michael@paquier.xyz>, "hlinnaka@iki.fi" <hlinnaka@iki.fi>, "pgsql-hackers@lists.postgresql.org" <pgsql-hackers@lists.postgresql.org>, "andrew.dunstan@2ndquadrant.com" <andrew.dunstan@2ndquadrant.com>, "thomas.munro@gmail.com" <thomas.munro@gmail.com>, "andres@anarazel.de" <andres@anarazel.de>, "sfrost@snowman.net" <sfrost@snowman.net>
Date: 2021-02-08T23:11:05Z
Lists: pgsql-hackers
> On 4 Feb 2021, at 19:35, Jacob Champion <pchampion@vmware.com> wrote:
> 
> On Thu, 2021-02-04 at 16:30 +0900, Michael Paquier wrote:
>> On Tue, Feb 02, 2021 at 08:33:35PM +0000, Jacob Champion wrote:
>>> Note that this changes the error message printed during the invalid-
>>> root tests, because NSS is now sending the root of the chain. So the
>>> server's issuer is considered untrusted rather than unrecognized.
>> 
>> I think that it is not a good idea to attach the since-v*.diff patches
>> into the threads.  This causes the CF bot to fail in applying those
>> patches.
> 
> Ah, sorry about that. Is there an extension I can use (or lack thereof)
> that the CF bot will ignore, or does it scan the attachment contents?

Naming the file .patch.txt should work, and it serves the double purpose of
making it extra clear that this is not a patch intended to be applied but one
intended to be read for informational purposes.

--
Daniel Gustafsson		https://vmware.com/




Commits

  1. Add tab-completion for CREATE FOREIGN TABLE.

  2. Add tap tests for the schema publications.

  3. Move Perl test modules to a better namespace

  4. Adjust configure to insist on Perl version >= 5.8.3.

  5. Simplify code related to compilation of SSL and OpenSSL

  6. Introduce --with-ssl={openssl} as a configure option

  7. Implement support for bulk inserts in postgres_fdw

  8. Fix redundant error messages in client tools

  9. doc: Apply more consistently <productname> markup for OpenSSL

  10. Check ssl_in_use flag when reporting statistics