Re: [HACKERS] GnuTLS support

On 01/26/2018 03:54 AM, Peter Eisentraut wrote:
> On 1/25/18 20:10, Michael Paquier wrote:
>> Peter, could you change ssl_version() and ssl_cipher() in sslinfo at the
>> same time please? I think that those should use the generic backend-side
>> APIs as well. sslinfo depends heavily on OpenSSL, OK, but if possible
>> getting this code more generic will help users of sslinfo to get
>> something partially working with other SSL implementations natively.
> 
> sslinfo is currently entirely dependent on OpenSSL, so I don't think
> it's useful to throw in one or two isolated API changes.
> 
> I'm thinking maybe we should get rid of sslinfo and fold everything into
> pg_stat_ssl.

I think sslinfo should either use the pg_tls_get_* functions or be 
removed. I do not like having an OpenSSL specific extension. One issue 
though is that pg_tls_get_* truncates strings to a given length while 
sslinfo allocates a copy and is therefore only limited by the maximum 
size of text, but this may not be an issue in practice.

Andreas