|From:||Andreas Karlsson <andreas(at)proxel(dot)se>|
|To:||Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>|
|Cc:||Jeff Janes <jeff(dot)janes(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>|
|Subject:||Re: [HACKERS] GnuTLS support|
|Views:||Raw Message | Whole Thread | Download mbox | Resend email|
On 11/20/2017 02:56 AM, Michael Paquier wrote:
> On Mon, Nov 20, 2017 at 9:42 AM, Tomas Vondra
> <tomas(dot)vondra(at)2ndquadrant(dot)com> wrote:
>> If I get it right we ignore gnutls and use openssl (as it's the first
>> checked in #ifdefs). Shouldn't we enforce in configure that only one TLS
>> implementation is enabled? Either by some elaborate check, or by
>> switching to something like
> WIth potential patches coming to use macos' SSL implementation or
> Windows channel, there should really be only one implementation
> available at compile time. That's more simple as a first step as well.
> So +1 for the --with-ssl switch.
I have now implemented this in the attached patch (plus added support
for channel binding and rebased it) but I ran into one issue which I
have not yet solved. The script for the windows version takes the
--with-openssl=<path> switch so that cannot just be translated to a
single --with-ssl switch. Should to have both --with-openssl and
--with-gnutls or --with-ssl=(openssl|gnutls) and --with-ssl-path=<path>?
I also do not know the Windows build code very well (or really at all).
|Next Message||Michael Paquier||2017-11-27 01:20:15||Re: [HACKERS] GnuTLS support|
|Previous Message||Michael Paquier||2017-11-27 01:03:25||Re: [HACKERS] More stats about skipped vacuums|