|From:||Daniel Gustafsson <daniel(at)yesql(dot)se>|
|To:||Michael Paquier <michael(at)paquier(dot)xyz>|
|Cc:||Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>|
|Subject:||Re: Support for NSS as a libpq TLS backend|
|Views:||Raw Message | Whole Thread | Download mbox | Resend email|
> On 29 Sep 2020, at 09:52, Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
>> On 29 Sep 2020, at 07:59, Michael Paquier <michael(at)paquier(dot)xyz> wrote:
>> On Thu, Sep 17, 2020 at 11:41:28AM +0200, Daniel Gustafsson wrote:
>>> Attached is a v10 rebased to apply on top of HEAD.
>> I am afraid that this needs a new rebase. The patch is failing to
>> apply, per the CF bot. :/
> It's failing on binary diffs due to the NSS certificate databases being
> included to make hacking on the patch easier:
> File src/test/ssl/ssl/nss/server.crl: git binary diffs are not supported.
> This is a limitation of the CFBot patch tester, the text portions of the patch
> still applies with a tiny but of fuzz.
Attached is a new version which doesn't contain the NSS certificate databases
to keep the CFBot happy.
It also implements server-side passphrase callbacks as well as re-enables the
tests for those. The callback works a bit differently from the OpenSSL one as
it must run in the forked process, so it can't run on server reload. There's
also no default fallback reading from a TTY like in OpenSSL, so if no callback
it set the always-failing dummy is set.
|Next Message||Patrick REED||2020-10-02 20:10:23||Prepared Statements|
|Previous Message||Andres Freund||2020-10-02 18:34:58||Re: Incorrect assumption in heap_prepare_freeze_tuple|