Re: Support for NSS as a libpq TLS backend

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Jacob Champion <pchampion(at)vmware(dot)com>
Cc: "michael(at)paquier(dot)xyz" <michael(at)paquier(dot)xyz>, "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "andrew(dot)dunstan(at)2ndquadrant(dot)com" <andrew(dot)dunstan(at)2ndquadrant(dot)com>, "thomas(dot)munro(at)gmail(dot)com" <thomas(dot)munro(at)gmail(dot)com>, "andres(at)anarazel(dot)de" <andres(at)anarazel(dot)de>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net>
Subject: Re: Support for NSS as a libpq TLS backend
Date: 2021-02-08 23:11:05
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

> On 4 Feb 2021, at 19:35, Jacob Champion <pchampion(at)vmware(dot)com> wrote:
> On Thu, 2021-02-04 at 16:30 +0900, Michael Paquier wrote:
>> On Tue, Feb 02, 2021 at 08:33:35PM +0000, Jacob Champion wrote:
>>> Note that this changes the error message printed during the invalid-
>>> root tests, because NSS is now sending the root of the chain. So the
>>> server's issuer is considered untrusted rather than unrecognized.
>> I think that it is not a good idea to attach the since-v*.diff patches
>> into the threads. This causes the CF bot to fail in applying those
>> patches.
> Ah, sorry about that. Is there an extension I can use (or lack thereof)
> that the CF bot will ignore, or does it scan the attachment contents?

Naming the file .patch.txt should work, and it serves the double purpose of
making it extra clear that this is not a patch intended to be applied but one
intended to be read for informational purposes.

Daniel Gustafsson

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Noah Misch 2021-02-08 23:11:52 Re: 2021-02-11 release announcement draft
Previous Message Daniel Gustafsson 2021-02-08 23:08:37 Re: Support for NSS as a libpq TLS backend