From: | Michael Paquier <michael(at)paquier(dot)xyz> |
---|---|
To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Masahiko Sawada <masahiko(dot)sawada(at)2ndquadrant(dot)com> |
Subject: | Re: Proposed patch for key managment |
Date: | 2020-12-17 01:24:56 |
Message-ID: | X9qzaPpB8hsBwmU4@paquier.xyz |
Lists: | pgsql-hackers |

On Thu, Dec 17, 2020 at 01:15:37AM +0100, Daniel Gustafsson wrote:
> In vtls library contexts are abstracted to the core code, with implementations
> supplying a struct with a set of function pointers implementing functionality
> (this difference is due to libcurl supporting multiple TLS libraries compiled
> at the same time, something postgres IMO shouldn't do). We do give
> implementations a bit more leeway with how feature complete they must be,
> mainly due to the wide variety of libraries supported (from OpenSSL to IBM
> GSKit and most ones in between). While basic it has served us quite well and
> we have had first time contributors successfully come with a new TLS library as
> a patch.

This infrastructure has been chosen because curl requires to be able
to use multiple types of libraries at run-time, right? I don't think
we need to get down to that for Postgres and keep things so as we are
only able to use one TLS library at the same time, the one compiled
with. This makes the protocol simpler. But perhaps I just lack
ambition and vision.
--
Michael