Re: Support for NSS as a libpq TLS backend

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Jacob Champion <pchampion(at)vmware(dot)com>
Cc: "daniel(at)yesql(dot)se" <daniel(at)yesql(dot)se>, "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "andrew(dot)dunstan(at)2ndquadrant(dot)com" <andrew(dot)dunstan(at)2ndquadrant(dot)com>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net>, "thomas(dot)munro(at)gmail(dot)com" <thomas(dot)munro(at)gmail(dot)com>, "andres(at)anarazel(dot)de" <andres(at)anarazel(dot)de>
Subject: Re: Support for NSS as a libpq TLS backend
Date: 2021-01-27 07:39:23
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On Wed, Jan 20, 2021 at 05:07:08PM +0000, Jacob Champion wrote:
> Lovely. I didn't expect *removing* an extension to effectively *add*
> more, but I'm glad it works now.

My apologies for chiming in. I was looking at your patch set here,
and while reviewing the strong random and cryptohash parts I have
found a couple of mistakes in the ./configure part. I think that the
switch from --with-openssl to --with-ssl={openssl} could just be done
independently as a building piece of the rest, then the first portion
based on NSS could just add the minimum set in

Please note that the patch set has been using autoconf from Debian, or
something forked from upstream. There were also missing updates in
several parts of the code base, and a lack of docs for the new
switch. I have spent time checking that with --with-openssl to make
sure that the obsolete grammar is still compatible, --with-ssl=openssl
and also without it.


Attachment Content-Type Size
0001-Introduce-with-ssl-openssl-in-configure-options.patch text/x-diff 17.7 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Tang, Haiying 2021-01-27 07:55:33 RE: Parallel Inserts in CREATE TABLE AS
Previous Message Masahiko Sawada 2021-01-27 07:22:26 Re: Transactions involving multiple postgres foreign servers, take 2