From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
---|---|
To: | Jacob Champion <pchampion(at)vmware(dot)com> |
Cc: | "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "andrew(dot)dunstan(at)2ndquadrant(dot)com" <andrew(dot)dunstan(at)2ndquadrant(dot)com>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net>, "thomas(dot)munro(at)gmail(dot)com" <thomas(dot)munro(at)gmail(dot)com>, "michael(at)paquier(dot)xyz" <michael(at)paquier(dot)xyz>, "andres(at)anarazel(dot)de" <andres(at)anarazel(dot)de> |
Subject: | Re: Support for NSS as a libpq TLS backend |
Date: | 2021-07-26 13:26:16 |
Message-ID: | A89F3823-40BD-4469-AFA8-819C20C0B24D@yesql.se |
Lists: | pgsql-hackers |
> On 19 Jul 2021, at 21:33, Jacob Champion <pchampion(at)vmware(dot)com> wrote:
> ..client connections will crash if
> hostaddr is provided rather than host, because SSL_SetURL can't handle
> a NULL argument. I'm running with 0002 to fix it for the moment, but
> I'm not sure yet if it does the right thing for IP addresses, which the
> OpenSSL side has a special case for.

AFAICT the idea is to handle it in the cert auth callback, so I've added some
PoC code to check for sslsni there and updated the TODO comment to reflect
that.

I've applied your patches in the attached rebase which passes all tests for me.

--
Daniel Gustafsson https://vmware.com/

Attachment | Content-Type | Size |
---|---|---|
v39-0010-nss-Build-infrastructure.patch | application/octet-stream | 21.4 KB |
v39-0009-nss-Support-NSS-in-cryptohash.patch | application/octet-stream | 6.1 KB |
v39-0008-nss-Support-NSS-in-sslinfo.patch | application/octet-stream | 3.6 KB |
v39-0007-nss-Support-NSS-in-pgcrypto.patch | application/octet-stream | 24.9 KB |
v39-0006-nss-Documentation.patch | application/octet-stream | 35.3 KB |
v39-0005-nss-pg_strong_random-support.patch | application/octet-stream | 2.0 KB |
v39-0004-test-check-for-empty-stderr-during-connect_ok.patch | application/octet-stream | 3.6 KB |
v39-0003-nss-Add-NSS-specific-tests.patch | application/octet-stream | 57.9 KB |
v39-0002-Refactor-SSL-testharness-for-multiple-library.patch | application/octet-stream | 11.5 KB |
v39-0001-nss-Support-libnss-as-TLS-library-in-libpq.patch | application/octet-stream | 102.5 KB |