Re: [HACKERS] GnuTLS support

From: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
To: Andreas Karlsson <andreas(at)proxel(dot)se>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [HACKERS] GnuTLS support
Date: 2018-03-08 19:13:51
Message-ID: 09fd5b6e-cb48-85ed-d1fd-7d50d47ed3db@2ndquadrant.com
Views: Raw Message | Whole Thread | Download mbox
Thread:
Lists: pgsql-hackers

In the thread about Secure Transport we agreed to move the consideration
of new SSL libraries to PG12.

Here is my current patch, after all the refactorings.

The status is that it works fine and could be used.

There are two failures in the SSL tests that I cannot explain. The
tests are for some rather obscure configurations, so the changed
behaviors are not obviously wrong, perhaps legitimate implementation
differences. But someone wrote those tests with a purpose (probably),
so we should have some kind of explanation for the regressions.

Other non-critical, nice-to-have issues:

- Do something about sslinfo, perhaps fold into pg_stat_ssl view.
- Do something about pgcrypto.
- Add tests for load_dh_file().
- Implement channel binding tls-server-end-point.

--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

Attachment Content-Type Size
v6-0001-GnuTLS-support.patch text/plain 95.1 KB

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2018-03-08 19:15:08 Re: Temporary tables prevent autovacuum, leading to XID wraparound
Previous Message Robert Haas 2018-03-08 19:00:23 Re: public schema default ACL