Quick Links

Re: Support for NSS as a libpq TLS backend

From:	Robert Haas <robertmhaas(at)gmail(dot)com>
To:	Daniel Gustafsson <daniel(at)yesql(dot)se>
Cc:	Andres Freund <andres(at)anarazel(dot)de>, Julien Rouhaud <rjuju123(at)gmail(dot)com>, Jacob Champion <pchampion(at)vmware(dot)com>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "andrew(dot)dunstan(at)2ndquadrant(dot)com" <andrew(dot)dunstan(at)2ndquadrant(dot)com>, "michael(at)paquier(dot)xyz" <michael(at)paquier(dot)xyz>, "thomas(dot)munro(at)gmail(dot)com" <thomas(dot)munro(at)gmail(dot)com>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net>
Subject:	Re: Support for NSS as a libpq TLS backend
Date:	2022-01-28 14:30:02
Message-ID:	CA+Tgmoa065y_UnXeff4AjL7H0tqzs4fw2Z5LSjvgAMvb8OxVHA@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Fri, Jan 28, 2022 at 9:08 AM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
> > Kinda makes me question the wisdom of starting to depend on NSS. When openssl
> > docs are vastly outshining a library's, that library really should start to
> > ask itself some hard questions.

Yeah, OpenSSL is very poor, so being worse is not good.

> Sadly, there is that. While this is not a new problem, Mozilla has been making
> some very weird decisions around NSS governance as of late. Another data point
> is the below thread from libcurl:
>
> https://curl.se/mail/lib-2022-01/0120.html

I would really, really like to have an alternative to OpenSSL for PG.
I don't know if this is the right thing, though. If other people are
dropping support for it, that's a pretty bad sign IMHO. Later in the
thread it says OpenLDAP have dropped support for it already as well.

--
Robert Haas
EDB: http://www.enterprisedb.com

In response to

Re: Support for NSS as a libpq TLS backend at 2022-01-28 14:08:09 from Daniel Gustafsson

Responses

Re: Support for NSS as a libpq TLS backend at 2022-01-28 15:10:28 from Daniel Gustafsson
Re: Support for NSS as a libpq TLS backend at 2022-01-31 13:24:03 from Daniel Gustafsson
Re: Support for NSS as a libpq TLS backend at 2022-02-03 14:07:42 from Peter Eisentraut

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Aleksander Alekseev	2022-01-28 14:30:17	Re: Add 64-bit XIDs into PostgreSQL 15
Previous Message	Julien Rouhaud	2022-01-28 14:18:28	Re: [PATCH] Disable bgworkers during servers start in pg_upgrade*