Re: Support for NSS as a libpq TLS backend

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Jacob Champion <pchampion(at)vmware(dot)com>
Cc: "daniel(at)yesql(dot)se" <daniel(at)yesql(dot)se>, "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "andrew(dot)dunstan(at)2ndquadrant(dot)com" <andrew(dot)dunstan(at)2ndquadrant(dot)com>, "thomas(dot)munro(at)gmail(dot)com" <thomas(dot)munro(at)gmail(dot)com>, "andres(at)anarazel(dot)de" <andres(at)anarazel(dot)de>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net>
Subject: Re: Support for NSS as a libpq TLS backend
Date: 2021-02-04 07:30:37
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On Tue, Feb 02, 2021 at 08:33:35PM +0000, Jacob Champion wrote:
> Note that this changes the error message printed during the invalid-
> root tests, because NSS is now sending the root of the chain. So the
> server's issuer is considered untrusted rather than unrecognized.

I think that it is not a good idea to attach the since-v*.diff patches
into the threads. This causes the CF bot to fail in applying those

Could it be possible to split 0001 into two parts at least with one
patch that includes the basic changes for the build and ./configure,
and a second with the FE/BE changes?

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Peter Smith 2021-02-04 08:00:56 Re: pg_replication_origin_drop API potential race condition
Previous Message Dilip Kumar 2021-02-04 07:28:29 Re: Correct comment in StartupXLOG().