| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
| Cc: | Greg Smith <greg(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Michael Banck <mbanck(at)debian(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andrew Dunstan <andrew(at)dunslane(dot)net>, jd(at)commandprompt(dot)com, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Debian readline/libedit breakage |
| Date: | 2011-02-11 23:05:07 |
| Message-ID: | AANLkTinGWOpgZgz4fc=UO=AN5rHX9Hm44jUfkaf2kGp_@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Feb 11, 2011 at 5:22 PM, Martijn van Oosterhout
<kleptog(at)svana(dot)org> wrote:
> On Fri, Feb 11, 2011 at 02:09:09PM -0500, Greg Smith wrote:
>> Note that the past discussion was on the difficulty of matching the
>> existing OpenSSL API using GnuTLS, which is apparently difficult to do.
>> I wasn't trying to suggest there were issues specificially with GnuTLS's
>> code quality. It's more that the APIs are just different enough that
>> it's not trivial to do a swap--which is surprising given how many people
>> have seemingly needed to do exactly this conversion. You'd think
>> there'd be a simple "OpenSSL-like" interface available for GnuTLS by now
>> or something.
>
> I spent some time a while back making PostgreSQL work with GnuTLS. The
> actual SSL bit is trivial. The GnuTLS interface actually made sense
> whereas the OpenSSL one is opaque (at least, I've never seen any
> structure in it). The GnuTLS interface was designed in the modern era
> and it shows.
>
> The problems are primarily that psql exposes in various ways that it
> uses OpenSSL and does it in ways that are hard to support backward
> compatably. So for GnuTLS support you need to handle all those bits
> too.
>
> For example, the patch as presented introduced a passthrough mode that
> allowed applications to read/write over the SSL connection without
> actually knowing the underlying library. It had to fix psql to use this
> info. It had to provide ways for applications to determine the info
> they needed about the SSL, since it wouldn't beable to just grab the
> OpenSSL handle.
>
> All this made the patch large, which caused it to be rejected. I found
> that odd since the bulk of the patch was the renaming of two files,
> which makes for huge diffs while the changes where minimal. I beleive
> git is smarter about renames which means the diff may magically become
> much smaller just by using git, yay!
>
> Supporting GnuTLS for that backend was just icing, but trivial once the
> frontend was done. It can be left out.
We should probably revisit this for 9.2.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Charles.McDevitt | 2011-02-11 23:06:24 | Re: Debian readline/libedit breakage |
| Previous Message | Nicolas Barbier | 2011-02-11 22:49:27 | Re: Sorting. When? |