Re: Support for NSS as a libpq TLS backend

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Michael Paquier <michael(at)paquier(dot)xyz>
Cc: Jacob Champion <pchampion(at)vmware(dot)com>, "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "andrew(dot)dunstan(at)2ndquadrant(dot)com" <andrew(dot)dunstan(at)2ndquadrant(dot)com>, "thomas(dot)munro(at)gmail(dot)com" <thomas(dot)munro(at)gmail(dot)com>, "andres(at)anarazel(dot)de" <andres(at)anarazel(dot)de>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net>
Subject: Re: Support for NSS as a libpq TLS backend
Date: 2021-02-17 21:35:33
Message-ID: 0F5CF84D-26F1-44D0-AEAE-E011D3CEC0E2@yesql.se
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

> On 10 Feb 2021, at 13:17, Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
>
>> On 10 Feb 2021, at 08:23, Michael Paquier <michael(at)paquier(dot)xyz> wrote:
>>
>> On Tue, Feb 09, 2021 at 10:30:52AM +0100, Daniel Gustafsson wrote:
>>> It can be, it's not the most pressing patch scope reduction but everything
>>> helps of course.
>>
>> Okay. I have spent some time on this one and finished it.
>
> Thanks, I'll post a rebased version on top of this soon.

Attached is a rebase on top of this and the recent cryptohash changes to pass
in buffer lengths to the _final function. On top of that, I fixed up and
expanded the documentation, improved SCRAM handling (by using NSS digest
operations which are better suited) and reworded and expanded comments. This
patch version is, I think, feature complete with the OpenSSL implementation.

--
Daniel Gustafsson https://vmware.com/

Attachment Content-Type Size
v27-0009-nss-Build-infrastructure.patch application/octet-stream 20.0 KB
v27-0008-nss-Support-NSS-in-cryptohash.patch application/octet-stream 6.1 KB
v27-0007-nss-Support-NSS-in-sslinfo.patch application/octet-stream 3.6 KB
v27-0006-nss-Support-NSS-in-pgcrypto.patch application/octet-stream 24.6 KB
v27-0005-nss-Documentation.patch application/octet-stream 32.1 KB
v27-0004-nss-pg_strong_random-support.patch application/octet-stream 1.9 KB
v27-0003-nss-Add-NSS-specific-tests.patch application/octet-stream 43.9 KB
v27-0002-Refactor-SSL-testharness-for-multiple-library.patch application/octet-stream 11.2 KB
v27-0001-nss-Support-libnss-as-TLS-library-in-libpq.patch application/octet-stream 92.2 KB

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Thomas Munro 2021-02-17 21:45:53 Re: pg_collation_actual_version() ERROR: cache lookup failed for collation 123
Previous Message Daniel Gustafsson 2021-02-17 21:19:35 Re: Support for NSS as a libpq TLS backend