Re: disabled SSL log_like tests

Daniel Gustafsson <daniel(at)yesql(dot)se> writes:
> Maybe the ssl_library function should return a hash with backend => 'OpenSSL'
> and library => <the actual implementation used>?

I don't love doing it exactly like that: seems like it adds notational
complexity for little gain. Also, it forces ssl_library to expend
work detecting things the current caller may not care about.

I was thinking about just transposing the existing test down to the
backend layer, more or less as attached. Not wedded to these names
of course.

> If we were to end up with a
> Libressl libtls implementation in libpq we'd still have to test with Libressl
> against the OpenSSL compat layer in libssl since it could act as both. Not a
> bridge we have to cross today but might be worth at least keeping in mind when
> designing something to not make it impossible in the future.

Right. I think the attached would be amenable to that.

Further down the road, it seems inevitable that we'll need to have a
way of detecting the SSL library version --- for example, assuming
the LibreSSL folk eventually fix their RSA-PSS code, we'll need a
version-dependent test. That could be another new backend method,
I guess.

regards, tom lane