Re: [HACKERS] GnuTLS support

From: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
To: Andreas Karlsson <andreas(at)proxel(dot)se>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
Cc: Jeff Janes <jeff(dot)janes(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [HACKERS] GnuTLS support
Date: 2018-01-19 18:43:30
Views: Raw Message | Whole Thread | Download mbox
Lists: pgsql-hackers

Comparing the existing {be,fe}-secure-openssl.c with the proposed
{be,fe}-secure-gnutls.c, and with half an eye on the previously proposed
Apple Secure Transport implementation, I have identified a few more
areas of refactoring that should be done in order to avoid excessive
copy-and-pasting in the new implementations:


This will help with interoperability testing, because you can then
create an installation with mixed SSL implementations and run the test
suite against it.


Prepares and cleans up the documentation a bit before the addition of
new things, as discussed elsewhere.


To avoid copy-and-paste, and also because the EDH explanation doesn't
really belong in a file header comment. Maybe the whole thing is known
well enough nowadays that we can just remove the explanation.


Move copy-and-paste avoidance.

Peter Eisentraut
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

Attachment Content-Type Size
0001-Add-installcheck-support-to-more-test-suites.patch text/plain 2.2 KB
0002-Split-out-documentation-of-SSL-parameters-into-their.patch text/plain 17.5 KB
0003-Move-EDH-support-to-common-files.patch text/plain 6.4 KB
0004-Move-SSL-API-comments-to-header-files.patch text/plain 11.0 KB
0005-Extract-common-bits-from-OpenSSL-implementation.patch text/plain 8.0 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2018-01-19 18:55:30 Re: [HACKERS] GnuTLS support
Previous Message Claudio Freire 2018-01-19 18:35:52 Re: Built-in connection pooling