| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Andres Freund <andres(at)2ndquadrant(dot)com>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Lars Kanis <lars(at)greiz-reinsdorf(dot)de>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Failing SSL connection due to weird interaction with openssl |
| Date: | 2012-12-10 23:54:26 |
| Message-ID: | 29043.1355183666@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> FWICS, this kind of problem is endemic in OpenSSL, which
> also doesn't seem to believe in comprehensive documentation or code
> comments. It would be nice if we had an API to some other, less
> crappy encryption library; or maybe even some generic API that lets
> you easily wire it into any library you happen to wish to use.
Awhile back Red Hat was trying to get people to switch to NSS or GnuTLS,
which apparently are better designed.
> Not that I'm volunteering to write the patch... :-(
Me either ... and in fact the lack of interest among upstreams in
rewriting their TLS code is what made the aforesaid effort crash and
burn. But FWIW, there are better alternatives out there.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jaime Casanova | 2012-12-10 23:54:58 | Re: Proposal for Allow postgresql.conf values to be changed via SQL |
| Previous Message | Robert Haas | 2012-12-10 23:22:51 | Re: Failing SSL connection due to weird interaction with openssl |