From: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
---|---|
To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Andres Freund <andres(at)anarazel(dot)de>, Julien Rouhaud <rjuju123(at)gmail(dot)com>, Jacob Champion <pchampion(at)vmware(dot)com>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "andrew(dot)dunstan(at)2ndquadrant(dot)com" <andrew(dot)dunstan(at)2ndquadrant(dot)com>, "michael(at)paquier(dot)xyz" <michael(at)paquier(dot)xyz>, "thomas(dot)munro(at)gmail(dot)com" <thomas(dot)munro(at)gmail(dot)com>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net> |
Subject: | Re: Support for NSS as a libpq TLS backend |
Date: | 2022-02-03 19:16:00 |
Message-ID: | 729e8d0e-6570-6965-6e8b-e76d84cfff99@enterprisedb.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 03.02.22 15:53, Daniel Gustafsson wrote:
> I see quite a few valid reasons to want an alternative, a few off the top of my
> head include:
>
> - Using trust stores like Keychain on macOS with Secure Transport. There is
> AFAIK something similar on Windows and NSS has it's certificate databases.
> Especially on client side libpq it would be quite nice to integrate with where
> certificates already are rather than rely on files on disks.
>
> - Not having to install OpenSSL, Schannel and Secure Transport would make life
> easier for packagers.
Those are good reasons for Schannel and Secure Transport, less so for NSS.
> - Simply having an alternative. The OpenSSL projects recent venture into
> writing transport protocols have made a lot of people worried over their
> bandwidth for fixing and supporting core features.
If we want simply an alternative, we had a GnuTLS variant almost done a
few years ago, but in the end people didn't want it enough. It seems to
be similar now.
From | Date | Subject | |
---|---|---|---|
Next Message | Swaha Miller | 2022-02-03 19:21:03 | Re: support for CREATE MODULE |
Previous Message | Andres Freund | 2022-02-03 19:12:00 | Re: Latest LLVM breaks our code again |