Re: [HACKERS] GnuTLS support

From: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Andreas Karlsson <andreas(at)proxel(dot)se>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Jeff Janes <jeff(dot)janes(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [HACKERS] GnuTLS support
Date: 2018-01-17 22:14:47
Message-ID: 8dff8808-27ba-59bb-cb1f-0ff3fe21b479@2ndquadrant.com
Lists: pgsql-hackers

On 1/17/18 14:05, Tom Lane wrote:
> Although these corner cases are starting to make me feel like changing
> my original vote. Maybe we should forget the prefixes, in particular
> renaming gnutls_priorities to ssl_priorities, and just accept the need
> to document some parameters as only relevant to some implementations.

We could go the route of normalizing all implementation-specific
settings to some set of atomic concepts and create separate settings for
those, and then map them back to the actual APIs in code.

So we could take ssl_ciphers, ssl_prefer_server_ciphers, ssl_ecdh_curve
and assemble internally something that we can pass to
gnutls_priority_init().

But I think it would be more helpful in practice if the naming of the
implementation-specific settings matches something you can look up in
the documentation of that implementation. "GnuTLS priority string" is
easy to look up and well documented. If instead we chop it up into
something that is more like the OpenSSL settings, I think we are not
helping anyone.

--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
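
Added example, not part of the original message or of PostgreSQL's code: the normalization route described above, written as a hypothetical `build_priority()` that assembles a GnuTLS priority string from `ssl_ciphers`, `ssl_prefer_server_ciphers` and `ssl_ecdh_curve`. The translation tables are assumptions made for this example, and an OpenSSL keyword with no entry in them (such as `HIGH`) is reported rather than guessed; the result is not passed to `gnutls_priority_init()` here.

```c
#include <stdio.h>
#include <string.h>
/* Assumed correspondences, constructed for this example (not PostgreSQL code). */
static const char *const cipher_map[][2] = {
    {"!aNULL", "-ANON-DH:-ANON-ECDH"}, {"!3DES", "-3DES-CBC"}, {"!RC4", "-ARCFOUR-128"},
};
static const char *const curve_map[][2] = {
    {"prime256v1", "-CURVE-ALL:+CURVE-SECP256R1"},
    {"secp384r1", "-CURVE-ALL:+CURVE-SECP384R1"},
    {"secp521r1", "-CURVE-ALL:+CURVE-SECP521R1"},
};

/* Append ":" + s to out; refuse rather than truncate a security setting. */
static int append(char *out, size_t outlen, const char *s)
{
    if (strlen(out) + strlen(s) + 2 > outlen)
        return -2;
    strcat(strcat(out, ":"), s);
    return 0;
}

/* Translate one token through a 3-entry table; returns -1 and fills bad[] if absent. */
static int add_mapped(const char *const map[][2], const char *tok,
                      char *out, size_t outlen, char *bad, size_t badlen)
{
    for (size_t i = 0; i < 3; i++)
        if (strcmp(map[i][0], tok) == 0)
            return append(out, outlen, map[i][1]);
    snprintf(bad, badlen, "%s", tok);
    return -1;
}

/* Hypothetical helper: 0 on success, -1 unmappable token (see bad), -2 buffer too small. */
int build_priority(const char *ssl_ciphers, int prefer_server, const char *ecdh_curve,
                   char *out, size_t outlen, char *bad, size_t badlen)
{
    char list[256];
    int rc;
    if (outlen < sizeof "NORMAL" || strlen(ssl_ciphers) >= sizeof list)
        return -2;
    strcpy(out, "NORMAL");
    strcpy(list, ssl_ciphers);
    for (char *tok = strtok(list, ":"); tok != NULL; tok = strtok(NULL, ":"))
        if ((rc = add_mapped(cipher_map, tok, out, outlen, bad, badlen)) != 0)
            return rc;
    if ((rc = add_mapped(curve_map, ecdh_curve, out, outlen, bad, badlen)) != 0)
        return rc;
    return prefer_server ? append(out, outlen, "%SERVER_PRECEDENCE") : 0;
}
```

The curve and server-preference settings translate one-to-one, while an OpenSSL-style cipher list only translates token by token where a counterpart has been defined.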
