Re: Support for NSS as a libpq TLS backend

> On 3 Aug 2020, at 21:18, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com> wrote:
> On 8/3/20 12:46 PM, Andrew Dunstan wrote:
>> On 7/31/20 4:44 PM, Andrew Dunstan wrote:

>>> OK, here is an update of your patch that compiles and runs against NSS
>>> under Windows (VS2019).

Out of curiosity since I'm not familiar with Windows, how hard/easy is it to
install NSS for the purpose of a) hacking on postgres+NSS and b) using postgres
with NSS as the backend?

>>> * strtok_r() isn't available on Windows. We don't use it elsewhere in
>>> the postgres code, and it seemed unnecessary to have reentrant calls
>>> here, so I just replaced it with equivalent strtok() calls.

Fair enough, that makes sense.

>>> * We were missing an NSS implementation of
>>> pgtls_verify_peer_name_matches_certificate_guts(). I supplied a
>>> dummy that's enough to get it building cleanly, but that needs to be
>>> filled in properly.

Interesting, not sure how I could've missed that one.

>> OK, this version contains pre-generated nss files, and passes a full
>> buildfarm run including the ssl test module, with both openssl and NSS.
>> That should keep the cfbot happy :-)

Exciting, thanks a lot for helping out on this! I've started to look at the
required documentation changes during vacation, will hopefully be able to post
something soon.

cheers ./daniel