From: | Christoph Berg <myon(at)debian(dot)org> |
---|---|
To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
Cc: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Andreas Karlsson <andreas(at)proxel(dot)se>, Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>, Jeff Janes <jeff(dot)janes(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [HACKERS] GnuTLS support |
Date: | 2018-02-01 10:08:39 |
Message-ID: | 20180201100839.GB335@msg.df7cb.de |
Lists: | pgsql-hackers |
Re: Peter Eisentraut 2018-01-03 <99680dba-cf63-8151-1de2-46ca93897e56(at)2ndquadrant(dot)com>
> One scenario is that if GnuTLS goes in, it's quite plausible that the
> PG11 packages for Debian and Ubuntu will use it by default. But if it
> doesn't support tls-server-endpoint, then a JDBC client (assuming
> channel binding support is added) can't connect to such a server with
> SCRAM authentication over SSL (which we hope will be a popular
> configuration), unless they manually disable channel binding altogether
> using the new scramchannelbinding connection option. That would be a
> very poor experience.

GnuTLS support would mean that Debian could finally link psql against
libreadline (instead of just LD_PRELOADing it at runtime) because
there's no OpenSSL license conflict anymore. But I'm only going to do
that switch if there are no visible incompatibilities for clients, and
even any server-side GUC name changes would need a damn good
justification because they make upgrades harder. The LD_PRELOAD hack
in psql works; there's no pressing urgency to remove it.

Christoph