| From: | Jacob Champion <pchampion(at)vmware(dot)com> |
|---|---|
| To: | "daniel(at)yesql(dot)se" <daniel(at)yesql(dot)se>, "michael(at)paquier(dot)xyz" <michael(at)paquier(dot)xyz> |
| Cc: | "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "andrew(dot)dunstan(at)2ndquadrant(dot)com" <andrew(dot)dunstan(at)2ndquadrant(dot)com>, "thomas(dot)munro(at)gmail(dot)com" <thomas(dot)munro(at)gmail(dot)com>, "andres(at)anarazel(dot)de" <andres(at)anarazel(dot)de>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net> |
| Subject: | Re: Support for NSS as a libpq TLS backend |
| Date: | 2021-01-20 00:40:07 |
| Message-ID: | f5974a6daae02996611caa216ab1ba469b3fa285.camel@vmware.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, 2021-01-19 at 21:21 +0100, Daniel Gustafsson wrote:
> There is something iffy with these certs (the test fails
> on mismatching ciphers and/or signature algorithms) that I haven't been able to
> pin down, but to get more eyes on this I'm posting the patch with the test
> enabled.
Removing `--keyUsage keyEncipherment` from the native_server-* CSR
generation seems to let the tests pass for me, but I'm wary of just
pushing that as a solution because I don't understand why that would
have anything to do with the failure mode
(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM).
> The NSS toolchain requires interactive input which makes the Makefile
> a bit hacky, ideas on cleaning that up are appreciated.
Hm. I got nothing, short of a feature request to NSS...
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Geoghegan | 2021-01-20 00:45:22 | Re: New IndexAM API controlling index vacuum strategies |
| Previous Message | David Zhang | 2021-01-20 00:33:47 | Re: Add table access method as an option to pgbench |