|From:||Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>|
|To:||Andreas Karlsson <andreas(at)proxel(dot)se>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>|
|Cc:||Jeff Janes <jeff(dot)janes(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>|
|Subject:||Re: [HACKERS] GnuTLS support|
|Views:||Raw Message | Whole Thread | Download mbox|
On 1/2/18 10:35, Peter Eisentraut wrote:
> On 11/26/17 20:05, Andreas Karlsson wrote:
>> I have now implemented this in the attached patch (plus added support
>> for channel binding and rebased it) but I ran into one issue which I
>> have not yet solved. The script for the windows version takes the
>> --with-openssl=<path> switch so that cannot just be translated to a
>> single --with-ssl switch. Should to have both --with-openssl and
>> --with-gnutls or --with-ssl=(openssl|gnutls) and --with-ssl-path=<path>?
>> I also do not know the Windows build code very well (or really at all).
> This patch appears to work well.
Seeing that Andres is apparently currently not available, I have started
to dig through this patch myself and made some adjustments.
Question for the group: We currently have a number of config settings
named ssl_*. Some of these are specific to OpenSSL, some are not, namely:
# GnuTLS (proposed)
(effectively a combination of ssl_ciphers and ssl_prefer_server_ciphers)
Should we rename the OpenSSL-specific settings to openssl_*?
It think it would be better for clarity, and they are not set very
commonly, so the user impact would be low.
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
|Next Message||David Pereiro Lagares||2018-01-17 17:34:54||Index-only scan returns incorrect results when using a composite GIST index with a gist_trgm_ops column.|
|Previous Message||Peter Geoghegan||2018-01-17 17:27:10||Re: [HACKERS] Parallel tuplesort (for parallel B-Tree index creation)|