| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Jacob Champion <pchampion(at)vmware(dot)com> |
| Cc: | "michael(at)paquier(dot)xyz" <michael(at)paquier(dot)xyz>, "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "andrew(dot)dunstan(at)2ndquadrant(dot)com" <andrew(dot)dunstan(at)2ndquadrant(dot)com>, "thomas(dot)munro(at)gmail(dot)com" <thomas(dot)munro(at)gmail(dot)com>, "andres(at)anarazel(dot)de" <andres(at)anarazel(dot)de>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net> |
| Subject: | Re: Support for NSS as a libpq TLS backend |
| Date: | 2021-02-22 13:31:13 |
| Message-ID: | AB4CA717-2B6E-4782-AD7D-4FD99CCB6338@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 18 Feb 2021, at 21:33, Jacob Champion <pchampion(at)vmware(dot)com> wrote:
>
> On Wed, 2021-02-17 at 22:35 +0100, Daniel Gustafsson wrote:
>> Attached is a rebase on top of this and the recent cryptohash changes to pass
>> in buffer lengths to the _final function. On top of that, I fixed up and
>> expanded the documentation, improved SCRAM handling (by using NSS digest
>> operations which are better suited) and reworded and expanded comments. This
>> patch version is, I think, feature complete with the OpenSSL implementation.
>
> fe-secure-nss.c is no longer compiling as of this patchset; looks
> like pgtls_open_client() has a truncated statement.
Ouch, I had a local mismerge that snuck in as I moved the branch around for
submission here. The attached fixes that as well as implements the sslcrldir
support that was committed recently. The crldir parameter isn't applicable to
NSS per se since all CRL's are loaded into the NSS database, but it does need
to be supported for the tests.
The crldir commit also made similar changes to the test harness as I had done
to support the NSS database, which made these incompatible. To fix that I've
implemented named parameters in switch_server_cert to make it less magic with
multiple optional parameters.
--
Daniel Gustafsson https://vmware.com/
| Attachment | Content-Type | Size |
|---|---|---|
| v28-0009-nss-Build-infrastructure.patch | application/octet-stream | 20.5 KB |
| v28-0008-nss-Support-NSS-in-cryptohash.patch | application/octet-stream | 6.1 KB |
| v28-0007-nss-Support-NSS-in-sslinfo.patch | application/octet-stream | 3.6 KB |
| v28-0006-nss-Support-NSS-in-pgcrypto.patch | application/octet-stream | 24.6 KB |
| v28-0005-nss-Documentation.patch | application/octet-stream | 33.8 KB |
| v28-0004-nss-pg_strong_random-support.patch | application/octet-stream | 1.9 KB |
| v28-0003-nss-Add-NSS-specific-tests.patch | application/octet-stream | 52.3 KB |
| v28-0002-Refactor-SSL-testharness-for-multiple-library.patch | application/octet-stream | 11.5 KB |
| v28-0001-nss-Support-libnss-as-TLS-library-in-libpq.patch | application/octet-stream | 92.0 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Amit Kapila | 2021-02-22 13:31:57 | Re: Parallel INSERT (INTO ... SELECT ...) |
| Previous Message | Greg Nancarrow | 2021-02-22 12:40:20 | Re: Parallel INSERT (INTO ... SELECT ...) |