Re: Support for NSS as a libpq TLS backend

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Andres Freund <andres(at)anarazel(dot)de>
Cc: Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Michael Paquier <michael(at)paquier(dot)xyz>, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>
Subject: Re: Support for NSS as a libpq TLS backend
Date: 2020-10-28 10:56:26
Message-ID: F74866FC-3849-4892-8485-C80DC45BEAF9@yesql.se
Lists: pgsql-hackers

>>> Personally I'd like to see this patch broken up a bit - it's quite
>>> large. Several of the changes could easily be committed separately, no?
>>
>> Not sure how much of this makes sense committed separately (unless separately
>> means in quick succession), but it could certainly be broken up for the sake of
>> making review easier.
>
> Committing e.g. the pgcrypto pieces separately from the backend code
> seems unproblematic. But yes, I would expect them to go in close to each
> other. I'm mainly concerned with smaller review-able units.

Attached is a v14 where the logical units are separated into individual
commits. I hope this split makes it easier to read.

The 0006 commit were things not really related to NSS at all that can be
submitted to -hackers independently of this work, but they're still there since
this version wasn't supposed to change anything.

Most of the changes to sslinfo in 0005 are really only needed in case OpenSSL
isn't the only TLS library, but I would argue that they should be considered
regardless. There we are still accessing the ->ssl member directly and passing
it to OpenSSL rather than using the be_tls_* API that we have. I can extract
that portion as a separate patch submission unless there are objections.

cheers ./daniel

Attachment Content-Type Size
v14-0001-NSS-Frontend-Backend-and-build-infra.patch application/octet-stream 99.7 KB
v14-0002-NSS-Testharness-updates.patch application/octet-stream 47.6 KB
v14-0003-NSS-pg_strong_random-support.patch application/octet-stream 5.5 KB
v14-0004-NSS-Documentation.patch application/octet-stream 14.2 KB
v14-0005-NSS-contrib-modules.patch application/octet-stream 35.7 KB
v14-0006-NSS-to-be-submitted-separately.patch application/octet-stream 2.6 KB
