Re: Support for NSS as a libpq TLS backend

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Cc: Michael Paquier <michael(at)paquier(dot)xyz>, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>
Subject: Re: Support for NSS as a libpq TLS backend
Date: 2020-10-20 12:24:24
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

The attached v12 adds support for pgcrypto as well as pg_strong_random, which I
believe completes the required subsystems where we have OpenSSL support today.
I opted for not adding code to handle the internal shaXXX implementations until
the dust settles around the proposal to change the API there.

Blowfish is not supported by NSS AFAICT, even though the cipher mechanism is
defined, so the internal implementation is used there instead. CAST5 is
supported, but segfaults inside NSS on most inputs so support for that is not
included for now.

cheers ./daniel

Attachment Content-Type Size
0001-Support-for-NSS-as-a-TLS-backend-v12.patch application/octet-stream 197.8 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Dilip Kumar 2020-10-20 12:29:39 Re: Is Recovery actually paused?
Previous Message Masahiko Sawada 2020-10-20 12:23:52 Re: Resetting spilled txn statistics in pg_stat_replication