Re: [PATCH] Automatic client certificate selection support for libpq v1

In message <14727.1241816192@sss.pgh.pa.us>, Tom Lane writes:
   > It is of course possible to support both at the same time (at   > compile-time, if nowhere else).      Yes, I
supposewe'd not wish to just drop openssl completely.   I wonder how much code duplication would ensue from a
compile-time  choice of which library to use ...
 

My only datapoint for you is curl, which is an application I happen to
have discovered that can use either NSS and OpenSSL.
Lines  Words  Chars Filename 2508   7890  74682 ssluse.c 1331   3708  36411 nss.c

I imagine that you would more or less have to provide a different
be-secure.c and fe-secure.c file for the two different
libraries--whether as a separate file or via #ifdefs.  It looks like
there is a small amount of common code present (why *is*
pg_block_sigpipe() in that file anyway?)
                -Seth Robertson                 in-pgsql-hackers@baka.org