Quick Links

Re: Support for NSS as a libpq TLS backend

From:	Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>
To:	Daniel Gustafsson <daniel(at)yesql(dot)se>
Cc:	Robert Haas <robertmhaas(at)gmail(dot)com>, Andres Freund <andres(at)anarazel(dot)de>, Julien Rouhaud <rjuju123(at)gmail(dot)com>, Jacob Champion <pchampion(at)vmware(dot)com>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "andrew(dot)dunstan(at)2ndquadrant(dot)com" <andrew(dot)dunstan(at)2ndquadrant(dot)com>, "michael(at)paquier(dot)xyz" <michael(at)paquier(dot)xyz>, "thomas(dot)munro(at)gmail(dot)com" <thomas(dot)munro(at)gmail(dot)com>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net>
Subject:	Re: Support for NSS as a libpq TLS backend
Date:	2022-02-03 19:16:00
Message-ID:	729e8d0e-6570-6965-6e8b-e76d84cfff99@enterprisedb.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On 03.02.22 15:53, Daniel Gustafsson wrote:
> I see quite a few valid reasons to want an alternative, a few off the top of my
> head include:
>
> - Using trust stores like Keychain on macOS with Secure Transport. There is
> AFAIK something similar on Windows and NSS has it's certificate databases.
> Especially on client side libpq it would be quite nice to integrate with where
> certificates already are rather than rely on files on disks.
>
> - Not having to install OpenSSL, Schannel and Secure Transport would make life
> easier for packagers.

Those are good reasons for Schannel and Secure Transport, less so for NSS.

> - Simply having an alternative. The OpenSSL projects recent venture into
> writing transport protocols have made a lot of people worried over their
> bandwidth for fixing and supporting core features.

If we want simply an alternative, we had a GnuTLS variant almost done a
few years ago, but in the end people didn't want it enough. It seems to
be similar now.

In response to

Re: Support for NSS as a libpq TLS backend at 2022-02-03 14:53:49 from Daniel Gustafsson

Responses

Re: Support for NSS as a libpq TLS backend at 2022-02-03 19:33:37 from Robert Haas

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Swaha Miller	2022-02-03 19:21:03	Re: support for CREATE MODULE
Previous Message	Andres Freund	2022-02-03 19:12:00	Re: Latest LLVM breaks our code again