Re: Support for NSS as a libpq TLS backend

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Jacob Champion <pchampion(at)vmware(dot)com>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "andrew(dot)dunstan(at)2ndquadrant(dot)com" <andrew(dot)dunstan(at)2ndquadrant(dot)com>, "thomas(dot)munro(at)gmail(dot)com" <thomas(dot)munro(at)gmail(dot)com>, "michael(at)paquier(dot)xyz" <michael(at)paquier(dot)xyz>, "andres(at)anarazel(dot)de" <andres(at)anarazel(dot)de>
Subject: Re: Support for NSS as a libpq TLS backend
Date: 2021-05-28 09:04:12
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

Attached is a rebase to keep bitrot at bay. On top rebasing and smaller fixes
in comments etc, this version fixes/adds a number things:

* Performs DN resolution to support the DN mapping
* Locks the SECMOD parts and PR_Init call in the frontend as per Jacobs
findings upthread
* Properly set the tokenname of the database to avoid ambigious lookups in case
multiple databases are loaded (a better name to ensure uniqueness is a TODO)
* Adds a test for certificate lookup without sslcert set

Attachment Content-Type Size
v36-0009-nss-Build-infrastructure.patch application/octet-stream 21.4 KB
v36-0008-nss-Support-NSS-in-cryptohash.patch application/octet-stream 6.1 KB
v36-0007-nss-Support-NSS-in-sslinfo.patch application/octet-stream 3.6 KB
v36-0006-nss-Support-NSS-in-pgcrypto.patch application/octet-stream 24.9 KB
v36-0005-nss-Documentation.patch application/octet-stream 33.4 KB
v36-0004-nss-pg_strong_random-support.patch application/octet-stream 2.0 KB
v36-0003-nss-Add-NSS-specific-tests.patch application/octet-stream 57.8 KB
v36-0002-Refactor-SSL-testharness-for-multiple-library.patch application/octet-stream 11.5 KB
v36-0001-nss-Support-libnss-as-TLS-library-in-libpq.patch application/octet-stream 98.5 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Tomas Vondra 2021-05-28 10:35:34 Re: Add ZSON extension to /contrib/
Previous Message 2021-05-28 08:47:01 RE: Parallel Inserts in CREATE TABLE AS