

From: Martijn van Oosterhout <kleptog(at)svana(dot)org>
To: David Boreham <david_list(at)boreham(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, pgsql-hackers(at)postgresql(dot)org, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, mark(at)mark(dot)mielke(dot)cc, Mark Kirkwood <markir(at)paradise(dot)net(dot)nz>
Subject: Re: TODO: GNU TLS
Date: 2007-01-02 19:59:05
Lists: pgsql-hackers

On Tue, Jan 02, 2007 at 01:29:35PM -0500, Stephen Frost wrote:
> Would a patch to implement dual-support for OpenSSL and NSS be
> acceptable?  Would just replacing OpenSSL support with NSS support be

When I was looking into this I looked at NSS, and eventually decided on
GnuTLS. Why? Because I read the GnuTLS documentation and I understood
it. The basic support for GnuTLS took a whole afternoon, the hard work
was leaving people with the choice of using OpenSSL. I read the OpenSSL
docs too, but I still don't understand how it works properly.

IMHO, GnuTLS has the advantage of being designed later which means
details like:

- Thread safety (GnuTLS is thread-safe by design, no locks needed)
- Proper layering (creating your own I/O function is trivial)
- Separate namespace
- Non-blocking support from the get-go

were taken care of. Since people are citing maintainability as a
concern, I think you really have to wonder whether NSS is a better

Have a nice day,
Martijn van Oosterhout   <kleptog(at)svana(dot)org>
> From each according to his ability. To each according to his ability to litigate.
