Re: [PATCH] Automatic client certificate selection support for libpq v1

Peter Eisentraut wrote:
> On Friday 08 May 2009 22:03:56 Tom Lane wrote:
>>  I hesitate though to suggest that we think about porting
>> ourselves to NSS --- I'm not sure that there would be benefits to us
>> within the context of Postgres alone.
> 
> That could be attractive if we ripped out the OpenSSL code at the same time, 
> as the NSS API is purportedly more abstract and presumably would reduce the 
> amount and the complexity of the code.

Is NSS available on all the platforms that we are (and that has OpenSSL
today)?

Another thought: if we were to make ourselves support multiple SSL
libraries (that has been suggested before - at that point, people wanted
GnuTLS), we could also add support for Windows SChannel, which I'm sure
some win32 people would certainly prefer - much easier to do SSL
deployments within an existing MS infrastructure...

But no, that certainly wouldn't *reduce* the amount of code...

//Magnus