Re: Support for NSS as a libpq TLS backend

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Daniel Gustafsson <daniel(at)yesql(dot)se>
Cc: Jacob Champion <pchampion(at)vmware(dot)com>, "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "andrew(dot)dunstan(at)2ndquadrant(dot)com" <andrew(dot)dunstan(at)2ndquadrant(dot)com>, "thomas(dot)munro(at)gmail(dot)com" <thomas(dot)munro(at)gmail(dot)com>, "andres(at)anarazel(dot)de" <andres(at)anarazel(dot)de>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net>
Subject: Re: Support for NSS as a libpq TLS backend
Date: 2021-02-09 06:47:42
Message-ID: YCIv0beoEF4+pIiH@paquier.xyz
Lists: pgsql-hackers

On Tue, Feb 09, 2021 at 12:08:37AM +0100, Daniel Gustafsson wrote:
> Attached is a new patchset where I've tried to split the patches even further
> to try and separate out changes for easier review. While not a perfect split
> I'm sure, and clearly only for review purposes, I do hope it helps a little.
> There is one hunk in 0002 which moves some OpenSSL specific code from
> underneath USE_SSL, but that's about the only non-NSS change left in this
> patchset AFAICS.

I would have imagined 0010 to be either a 0001 or a 0002 :)

}
+#endif /* USE_SSL */
+
+#ifndef USE_OPENSSL

PQsslKeyPassHook_OpenSSL_type
PQgetSSLKeyPassHook_OpenSSL(void)
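Review bot: the added `#ifndef USE_OPENSSL` has no comment, unlike the `#endif /* USE_SSL */` two lines above it, so nothing tells the reader that PQgetSSLKeyPassHook_OpenSSL below is now compiled whenever USE_OPENSSL is undefined, regardless of USE_SSL. A one-line comment above the guard saying what it covers, and a matching label on its closing `#endif`, would make the intent clear.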
Indeed. Let's fix that on HEAD, as an independent thing.

errmsg("hostssl record cannot match because SSL is not supported by this build"),
- errhint("Compile with --with-ssl=openssl to use SSL connections."),
+ errhint("Compile with --with-ssl to use SSL connections."),
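Review bot: the new errhint string drops the value that the removed line passed to the option (`--with-ssl=openssl`), so the message no longer shows that a library has to be named. If the configure option requires an argument, keep a placeholder for the value in the hint rather than the bare `--with-ssl`.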
Actually, we could change that directly on HEAD as you suggest. This
code area is surrounded with USE_SSL so there is no need to mention
openssl at all.

-/* Support for overriding sslpassword handling with a callback. */
+/* Support for overriding sslpassword handling with a callback */
Makes sense.

/*
* USE_SSL code should be compiled only when compiling with an SSL
- * implementation. (Currently, only OpenSSL is supported, but we might add
- * more implementations in the future.)
+ * implementation.
*/
Fine by me as well, meaning that 0002 could just be committed as-is.
I am also looking at 0003 a bit.
--
Michael
