| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com> |
| Cc: | Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net> |
| Subject: | Re: Support for NSS as a libpq TLS backend |
| Date: | 2020-09-01 12:43:58 |
| Message-ID: | DA91E5F0-5F9D-41A7-A7A6-B91CDE0F1D63@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 5 Aug 2020, at 22:38, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com> wrote:
>
> On 8/4/20 5:42 PM, Daniel Gustafsson wrote:
>>> On 3 Aug 2020, at 21:18, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com> wrote:
>>> On 8/3/20 12:46 PM, Andrew Dunstan wrote:
>>>> On 7/31/20 4:44 PM, Andrew Dunstan wrote:
>>>>> OK, here is an update of your patch that compiles and runs against NSS
>>>>> under Windows (VS2019).
>> Out of curiosity since I'm not familiar with Windows, how hard/easy is it to
>> install NSS for the purpose of a) hacking on postgres+NSS and b) using postgres
>> with NSS as the backend?
>
> I've laid out the process at
> https://www.2ndquadrant.com/en/blog/nss-on-windows-for-postgresql-development/
That's fantastic, thanks for putting that together.
>>>> OK, this version contains pre-generated nss files, and passes a full
>>>> buildfarm run including the ssl test module, with both openssl and NSS.
>>>> That should keep the cfbot happy :-)
Turns out the CFBot doesn't like the binary diffs. They are included in this
version too but we should probably drop them again it seems.
>> Exciting, thanks a lot for helping out on this! I've started to look at the
>> required documentation changes during vacation, will hopefully be able to post
>> something soon.
>
> Good. Having got the tests running cleanly on Linux, I'm now going back
> to work on that for Windows.
>
> After that I'll look at the hook/callback stuff.
The attached v9 contains mostly a first stab at getting some documentation
going, it's far from completed but I'd rather share more frequently to not have
local trees deviate too much in case you've had time to hack as well. I had a
few documentation tweaks in the code too, but no real functionality change for
now.
The 0001 patch isn't strictly necessary but it seems reasonable to address the
various ways OpenSSL was spelled out in the docs while at updating the SSL
portions. It essentially ensures that markup around OpenSSL and SSL is used
consistently. I didn't address the linelengths being too long in this patch to
make review easier instead.
cheers ./daniel
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-docs-consistent-markup-for-OpenSSL-and-SSL-v9.patch | application/octet-stream | 9.7 KB |
| 0002-Support-for-NSS-as-a-TLS-backend-v9.patch | application/octet-stream | 397.5 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | k.jamison@fujitsu.com | 2020-09-01 13:02:28 | RE: [Patch] Optimize dropping of relation buffers using dlist |
| Previous Message | Georgios Kokolatos | 2020-09-01 12:35:19 | Re: v13: show extended stats target in \d |